f4c316f7a4e20c29a0e8f7b4e807af3f4da1878d
galt
  Mon Jan 31 13:34:34 2022 -0800
For thread safety, moving the setenv so it is only called once during initialization.

diff --git src/lib/https.c src/lib/https.c
index 96836db..433ce1b 100644
--- src/lib/https.c
+++ src/lib/https.c
@@ -70,30 +70,35 @@
 static void xerr(char *msg)
 {
 fprintf(stderr, "%s\n", msg); fflush(stderr);
 }
 
 void initDomainWhiteListHash();   // forward declaration
 
 void openSslInit()
 /* do only once */
 {
 static boolean done = FALSE;
 static pthread_mutex_t osiMutex = PTHREAD_MUTEX_INITIALIZER;
 pthread_mutex_lock( &osiMutex );
 if (!done)
     {
+    // setenv here for thread-safety
+    setenv("https_cert_check", "log", 0);      // DEFAULT certificate check is log.
+    setenv("https_cert_check_depth", "9", 0);   // DEFAULT depth check level is 9.
+    setenv("https_cert_check_verbose", "off", 0);   // DEFAULT verbose is off.
+    setenv("https_cert_check_domain_exceptions", "", 0);   // DEFAULT space separated list is empty string.
     SSL_library_init();
     ERR_load_crypto_strings();
     ERR_load_SSL_strings();
     OpenSSL_add_all_algorithms();
     openssl_pthread_setup();
     myDataIndex = SSL_get_ex_new_index(0, "myDataIndex", NULL, NULL, NULL);
     initDomainWhiteListHash();
     done = TRUE;
     }
 pthread_mutex_unlock( &osiMutex );
 }
 
 
 void *netConnectHttpsThread(void *threadParam)
 /* use a thread to run socket back to user */
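Review bot: The four `setenv` calls added inside the `if (!done)` block ignore their return value, and `done = TRUE` is set regardless. A failed call (setenv can fail on allocation) therefore leaves that default unset for the life of the process, where the old per-connection calls would have retried on the next connection. Code that later reads `https_cert_check` would then get NULL from getenv; how that is handled is not visible in this hunk, so the resulting certificate-check mode should be confirmed. I would check each call, for example `if (setenv("https_cert_check", "log", 0) != 0) xerr("setenv https_cert_check failed");`. The comment could also say what the `log` default does when verification fails, since the comment in netConnectHttps lists only abort, warn and none.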
@@ -498,38 +503,30 @@
 	safef(wildHost, sizeof wildHost, "*%s", dot);
 	result = hashLookup(domainWhiteList, wildHost);
 	}
     }
 return result;
 }
 
 int netConnectHttps(char *hostName, int port, boolean noProxy)
 /* Return socket for https connection with server or -1 if error. */
 {
 
 int fd=0;
 
 // https_cert_check env var can be abort warn or none.
 
-setenv("https_cert_check", "log", 0);      // DEFAULT certificate check is log.
-
-setenv("https_cert_check_depth", "9", 0);   // DEFAULT depth check level is 9.
-
-setenv("https_cert_check_verbose", "off", 0);   // DEFAULT verbose is off.
-
-setenv("https_cert_check_domain_exceptions", "", 0);   // DEFAULT space separated list is empty string.
-
 char *proxyUrl = getenv("https_proxy");
 
 if (noProxy)
     proxyUrl = NULL;
 char *connectHost;
 int connectPort;
 
 BIO *fbio=NULL;  // file descriptor bio
 BIO *sbio=NULL;  // ssl bio
 SSL_CTX *ctx;
 SSL *ssl;
 
 openSslInit();
 
 ctx = SSL_CTX_new(SSLv23_client_method());
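Review bot: `getenv("https_proxy")` still runs before `openSslInit()` in netConnectHttps, so one thread can be reading the environment while another performs the one-time `setenv` calls; osiMutex serializes only callers of openSslInit, not getenv. Moving `openSslInit();` to the first statement of the function, above `char *proxyUrl = getenv("https_proxy");`, makes every caller pass through the once-only initialisation before it touches the environment. Any other getenv caller that can run on a thread before the first openSslInit would need the same ordering; those are outside this hunk. The function body continues past the end of the hunk.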