Corrected order of OpenSSL set_cipher_list and use_certificate_chain_file

CHANGES

@@ -189,6 +189,12 @@ Corrections:
 	detect byte order in procan
 	Test: EXEC_SIGINT
 
+	OpenSSL cipherlist option did not override global openssl.cnf settings.
+	Now SSL_CTX_set_cipher_list() is called before
+	SSL_CTX_use_certificate_chain_file().
+	Thanks to Hiroshi Sakurai for reporting the problem and suggesting this
+	solution.
+
 Coding:
 	Introduced groups_t instead of uint32_t, for more flexibility.
 

xio-openssl.c

@@ -1393,6 +1393,21 @@ cont_out:
 #endif
    }
 
+   /* set pre openssl-connect options */
+   /* SSL_CIPHERS */
+   if (ci_str != NULL) {
+      if (sycSSL_CTX_set_cipher_list(ctx, ci_str) <= 0) {
+	 if (ERR_peek_error() == 0)
+	    Error1("SSL_set_cipher_list(, \"%s\") failed", ci_str);
+	 while (err = ERR_get_error()) {
+	    Error2("SSL_set_cipher_list(, \"%s\"): %s",
+		   ci_str, ERR_error_string(err, NULL));
+	 }
+	 /*Error("SSL_new()");*/
+	 return STAT_RETRYLATER;
+      }
+   }
+
    if (opt_cert) {
       BIO *bio;
       DH *dh;
@@ -1438,21 +1453,6 @@ cont_out:
       }
    }
 
-   /* set pre openssl-connect options */
-   /* SSL_CIPHERS */
-   if (ci_str != NULL) {
-      if (sycSSL_CTX_set_cipher_list(ctx, ci_str) <= 0) {
-	 if (ERR_peek_error() == 0)
-	    Error1("SSL_set_cipher_list(, \"%s\") failed", ci_str);
-	 while (err = ERR_get_error()) {
-	    Error2("SSL_set_cipher_list(, \"%s\"): %s",
-		   ci_str, ERR_error_string(err, NULL));
-	 }
-	 /*Error("SSL_new()");*/
-	 return STAT_RETRYLATER;
-      }
-   }
-
    if (*opt_ver) {
       sycSSL_CTX_set_verify(ctx,
 			    SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,