From 413631632b00918508f1ea7e8aec72b88c25b6ca Mon Sep 17 00:00:00 2001
From: Petar Paradzik
Date: Wed, 25 Oct 2017 15:27:06 +0200
Subject: [PATCH] ssl: fix segfault when using SSL_CTX that is not created

vhost->ssl_ctx is created in 'lws_tls_server_vhost_backend_init', but it is used before in 'lws_tls_server_client_cert_verify_config' when calling SSL_CTX_set_session_id_context...

Signed-off-by: Petar Paradzik
---
 lib/server/ssl-server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/server/ssl-server.c b/lib/server/ssl-server.c
index f5531e40..cd1044da 100644
--- a/lib/server/ssl-server.c
+++ b/lib/server/ssl-server.c
@@ -73,8 +73,6 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 * as a server, if we are requiring clients to identify themselves
 * then set the backend up for it
 */
- lws_tls_server_client_cert_verify_config(info, vhost);
-
 if (lws_check_opt(info->options,
 LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT))
 /* Normally SSL listener rejects non-ssl, optionally allow */
@@ -88,6 +86,8 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 if (lws_tls_server_vhost_backend_init(info, vhost, &wsi))
 return -1;

+ lws_tls_server_client_cert_verify_config(info, vhost);
+
 vhost->protocols[0].callback(&wsi,
 LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS,
 vhost->ssl_ctx, NULL, 0);
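Review bot: The result of `lws_tls_server_client_cert_verify_config(info, vhost)` is discarded at its new position in the second hunk, while the `lws_tls_server_vhost_backend_init` call directly above it is checked and returns -1 on failure. Its declaration is not visible here, but if it can report an error, a failed set-up would leave the vhost serving without the client-certificate requirement the operator configured; `if (lws_tls_server_client_cert_verify_config(info, vhost)) return -1;` would fail closed instead. The comment kept as context in the first hunk (`as a server, if we are requiring clients to identify themselves then set the backend up for it`) no longer precedes the call it describes and should move down with it. A short comment at the new site, for example `/* needs vhost->ssl_ctx, which lws_tls_server_vhost_backend_init() creates */`, would keep the ordering from being undone later. The body of lws_context_init_server_ssl starts and ends outside both hunks.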