I didn't like how sslserver setuid/setgid'd before loading up the certificates,
so here's my patch to make it load up the certificates and then setuid.

It's not untested, but if there are any problems that occur because of this patch,
please let me know as soon as possible.  Thanks.

Jeremy Kitchen -- kitchen@scriptkitchen.com -- 4/26/2004


diff -urN ucspi-ssl-0.50.orig/sslserver.c ucspi-ssl-0.50/sslserver.c
--- ucspi-ssl-0.50.orig/sslserver.c	2001-12-08 22:47:20.000000000 -0500
+++ ucspi-ssl-0.50/sslserver.c	2004-04-26 16:40:19.889095712 -0400
@@ -503,11 +503,6 @@
     strerr_die2sys(111,FATAL,"unable to listen: ");
   ndelay_off(s);
 
-  if (gid) if (prot_gid(gid) == -1)
-    strerr_die2sys(111,FATAL,"unable to set gid: ");
-  if (uid) if (prot_uid(uid) == -1)
-    strerr_die2sys(111,FATAL,"unable to set uid: ");
-
   localportstr[fmt_ulong(localportstr,localport)] = 0;
   if (flag1) {
     buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
@@ -537,6 +532,11 @@
   if (!ssl_params(ctx,dhfile,rsalen))
     strerr_die2x(111,FATAL,"unable to set cipher parameters");
 
+  if (gid) if (prot_gid(gid) == -1)
+    strerr_die2sys(111,FATAL,"unable to set gid: ");
+  if (uid) if (prot_uid(uid) == -1)
+    strerr_die2sys(111,FATAL,"unable to set uid: ");
+
   if (verbosity >= 2) {
     strnum[fmt_ulong(strnum,getpid())] = 0;
     strnum2[fmt_ulong(strnum2,rsalen)] = 0;
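Review bot: The relocated `prot_gid`/`prot_uid` calls after `ssl_params` have no comment explaining the ordering, and with this placement everything from the listen setup up to here, including parsing of the certificate, key and DH parameter files, now runs with the process's starting privileges. A short comment above the block would keep a later edit from moving client-facing code ahead of the drop, for example `/* Drop privileges only after key, cert and DH files are loaded so they can stay readable by root alone; nothing that touches client data may run before this point. */`. The nested `if (gid) if (prot_gid(gid) == -1)` form is easy to misread next to a future `else`; `if (gid && prot_gid(gid) == -1)` behaves the same. Whether `prot_gid` also clears supplementary groups is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk.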
