Document arcane SSL/TLS UI issue and require docs, Debian Bug#432618.

svn path=/branches/BRANCH_6-3/; revision=5117

1 files changed, 5 insertions, 4 deletions

diff --git a/socket.c b/socket.c
index db04734d..e249758e 100644
--- a/socket.c
+++ b/socket.c
@@ -849,8 +849,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
         struct stat randstat;
         int i;
 
-	SSL_load_error_strings();
 	SSLeay_add_ssl_algorithms();
+	SSL_load_error_strings();
 	
 #ifdef SSL_ENABLE
         if (stat("/dev/random", &randstat)  &&
@@ -900,6 +900,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 		return(-1);
 	}
 
+	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+
 	if (certck) {
 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
 	} else {
@@ -950,9 +952,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
         	SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
 	}
 
-	SSL_set_fd(_ssl_context[sock], sock);
-	
-	if(SSL_connect(_ssl_context[sock]) < 1) {
+	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
+	    || SSL_connect(_ssl_context[sock]) < 1) {
 		ERR_print_errors_fp(stderr);
 		SSL_CTX_free(_ctx[sock]);
 		_ctx[sock] = NULL;