Bug 1416730, selfserv: Call NSS_Initialize early to respect policy in SSL, r=rrelyea

author: Daiki Ueno <dueno@redhat.com> 2017-10-10 16:01:30 +0200
committer: Daiki Ueno <dueno@redhat.com> 2017-10-10 16:01:30 +0200
commit: 7258806839ab32a9ffe634ae70645205605663bf (patch)
tree: 31908b59a82e9b13c2a38f923ad9bfab73a01450 /cmd/selfserv
parent: 313854678e3a0c70507ec06258449be46190b482 (diff)
download: nss-hg-7258806839ab32a9ffe634ae70645205605663bf.tar.gz
1 files changed, 7 insertions, 7 deletions
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index e3dccf144..f18d4a15d 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -2494,6 +2494,13 @@ main(int argc, char **argv)
             break;
     }
 
+    /* Call the NSS initialization routines */
+    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+    if (rv != SECSuccess) {
+        fputs("NSS_Init failed.\n", stderr);
+        exit(8);
+    }
+
     /* The -b (bindOnly) option is only used by the ssl.sh test
      * script on Linux to determine whether a previous selfserv
      * process has fully died and freed the port.  (Bug 129701)
@@ -2603,13 +2610,6 @@ main(int argc, char **argv)
     /* set our password function */
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
-    /* Call the NSS initialization routines */
-    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
-    if (rv != SECSuccess) {
-        fputs("NSS_Init failed.\n", stderr);
-        exit(8);
-    }
-
     /* all SSL3 cipher suites are enabled by default. */
     if (cipherString) {
         char *cstringSaved = cipherString;
author	Daiki Ueno <dueno@redhat.com>	2017-10-10 16:01:30 +0200
committer	Daiki Ueno <dueno@redhat.com>	2017-10-10 16:01:30 +0200
commit	7258806839ab32a9ffe634ae70645205605663bf (patch)
tree	31908b59a82e9b13c2a38f923ad9bfab73a01450 /cmd/selfserv
parent	313854678e3a0c70507ec06258449be46190b482 (diff)
download	nss-hg-7258806839ab32a9ffe634ae70645205605663bf.tar.gz