504de1431be915e85967969706a41d9e23b962b6
galt
  Wed Jun 29 15:34:25 2022 -0700
We need to call openSslInit() first before using all other variables, including https_proxy. Easily fixed. This was reported by a user Volker Weinberger on the mailing list.

diff --git src/lib/https.c src/lib/https.c
index c8bcd26..972c4ec 100644
--- src/lib/https.c
+++ src/lib/https.c
@@ -505,43 +505,44 @@
 	safef(wildHost, sizeof wildHost, "*%s", dot);
 	result = hashLookup(domainWhiteList, wildHost);
 	}
     }
 return result;
 }
 
 int netConnectHttps(char *hostName, int port, boolean noProxy)
 /* Return socket for https connection with server or -1 if error. */
 {
 
 int fd=0;
 
 // https_cert_check env var can be abort warn or none.
 
-char *proxyUrl = https_proxy;
-
-if (noProxy)
-    proxyUrl = NULL;
 char *connectHost;
 int connectPort;
 
 BIO *fbio=NULL;  // file descriptor bio
 BIO *sbio=NULL;  // ssl bio
 SSL_CTX *ctx;
 SSL *ssl;
 
-openSslInit();
+openSslInit();   // call early since it initializes vars from env vars in a thread-safe way.
+
+char *proxyUrl = https_proxy;
+
+if (noProxy)
+    proxyUrl = NULL;
 
 ctx = SSL_CTX_new(SSLv23_client_method());
 
 fd_set readfds;
 fd_set writefds;
 int err;
 struct timeval tv;
 
 struct myData myData;
 boolean doSetMyData = FALSE;
 
 if (!sameString(https_cert_check, "none"))
     {
     if (checkIfInHashWithWildCard(hostName))
 	{