src/lib/https.c 1f0eb837f23375a1ed494f5f9a064e3c143a4f82

1f0eb837f23375a1ed494f5f9a064e3c143a4f82
galt
  Mon Jan 31 16:29:21 2022 -0800
Revert "For thread safety, moving the setenv so it is only called once during initialization."

This reverts commit f4c316f7a4e20c29a0e8f7b4e807af3f4da1878d.

diff --git src/lib/https.c src/lib/https.c
index 433ce1b..96836db 100644
--- src/lib/https.c
+++ src/lib/https.c
@@ -70,35 +70,30 @@
 static void xerr(char *msg)
 {
 fprintf(stderr, "%s\n", msg); fflush(stderr);
 }
 
 void initDomainWhiteListHash();   // forward declaration
 
 void openSslInit()
 /* do only once */
 {
 static boolean done = FALSE;
 static pthread_mutex_t osiMutex = PTHREAD_MUTEX_INITIALIZER;
 pthread_mutex_lock( &osiMutex );
 if (!done)
     {
-    // setenv here for thread-safety
-    setenv("https_cert_check", "log", 0);      // DEFAULT certificate check is log.
-    setenv("https_cert_check_depth", "9", 0);   // DEFAULT depth check level is 9.
-    setenv("https_cert_check_verbose", "off", 0);   // DEFAULT verbose is off.
-    setenv("https_cert_check_domain_exceptions", "", 0);   // DEFAULT space separated list is empty string.
     SSL_library_init();
     ERR_load_crypto_strings();
     ERR_load_SSL_strings();
     OpenSSL_add_all_algorithms();
     openssl_pthread_setup();
     myDataIndex = SSL_get_ex_new_index(0, "myDataIndex", NULL, NULL, NULL);
     initDomainWhiteListHash();
     done = TRUE;
     }
 pthread_mutex_unlock( &osiMutex );
 }
 
 
 void *netConnectHttpsThread(void *threadParam)
 /* use a thread to run socket back to user */
@@ -503,30 +498,38 @@
 	safef(wildHost, sizeof wildHost, "*%s", dot);
 	result = hashLookup(domainWhiteList, wildHost);
 	}
     }
 return result;
 }
 
 int netConnectHttps(char *hostName, int port, boolean noProxy)
 /* Return socket for https connection with server or -1 if error. */
 {
 
 int fd=0;
 
 // https_cert_check env var can be abort warn or none.
 
+setenv("https_cert_check", "log", 0);      // DEFAULT certificate check is log.
+
+setenv("https_cert_check_depth", "9", 0);   // DEFAULT depth check level is 9.
+
+setenv("https_cert_check_verbose", "off", 0);   // DEFAULT verbose is off.
+
+setenv("https_cert_check_domain_exceptions", "", 0);   // DEFAULT space separated list is empty string.
+
 char *proxyUrl = getenv("https_proxy");
 
 if (noProxy)
     proxyUrl = NULL;
 char *connectHost;
 int connectPort;
 
 BIO *fbio=NULL;  // file descriptor bio
 BIO *sbio=NULL;  // ssl bio
 SSL_CTX *ctx;
 SSL *ssl;
 
 openSslInit();
 
 ctx = SSL_CTX_new(SSLv23_client_method());