From 030ebb174b015574c858d5ac6da9ad4a3cb6112a Mon Sep 17 00:00:00 2001 From: Lee Date: Fri, 4 Aug 2023 18:08:17 -0400 Subject: [PATCH] create_client_ssl_connection(): Don't keep the certificate lock longer than necessary --- openssl.c | 5 ++--- ssl.c | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/openssl.c b/openssl.c index 44e21b20..2841c125 100644 --- a/openssl.c +++ b/openssl.c @@ -790,17 +790,16 @@ extern int create_client_ssl_connection(struct client_state *csp) * certificate and key inconsistence must be locked. */ privoxy_mutex_lock(&certificate_mutex); - ret = generate_host_certificate(csp); + privoxy_mutex_unlock(&certificate_mutex); + if (ret < 0) { log_error(LOG_LEVEL_ERROR, "generate_host_certificate failed: %d", ret); - privoxy_mutex_unlock(&certificate_mutex); ret = -1; goto exit; } - privoxy_mutex_unlock(&certificate_mutex); if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method()))) { diff --git a/ssl.c b/ssl.c index afd9af45..0df73334 100644 --- a/ssl.c +++ b/ssl.c @@ -325,17 +325,16 @@ extern int create_client_ssl_connection(struct client_state *csp) * certificate and key inconsistence must be locked. */ privoxy_mutex_lock(&certificate_mutex); - ret = generate_host_certificate(csp); + privoxy_mutex_unlock(&certificate_mutex); + if (ret < 0) { log_error(LOG_LEVEL_ERROR, "generate_host_certificate failed: %d", ret); - privoxy_mutex_unlock(&certificate_mutex); ret = -1; goto exit; } - privoxy_mutex_unlock(&certificate_mutex); /* * Seed the RNG -- 2.39.2
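Review bot: In `create_client_ssl_connection()` the mutex now covers only `generate_host_certificate(csp)`, but the comment above the lock still reads as if the lock alone rules out certificate/key inconsistency, and nothing documents that whatever later loads those files runs unlocked; the identical hunk in ssl.c has the same gap. The loading code is outside both hunks, so this is inferred: if it reads the files written here, correctness depends on the generator never rewriting a pair that another thread may be reading. I would state that next to the unlock, e.g. `/* Lock serialises generation only; later loads assume an existing cert/key pair is not rewritten. */`, after confirming it against `generate_host_certificate()`. Checking `ret` and calling `log_error()` after the unlock looks safe provided `ret` is a local, whose declaration is also outside the hunk.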