From 1bef5a69274b190a93b96553c4e3b4a5f20b07bb Mon Sep 17 00:00:00 2001
From: Matthew Flatt
Date: Mon, 4 May 2020 20:23:10 -0600
Subject: [PATCH] openssl: defer erorr logging when no x509 root sources are not found

Instead of logging an error when the `openssl` module is loaded, defer a complaint until procedures that would depend on the configuration is called. Otherwise, errors can get printed in programs that depend on the `openssl` library but do not always need OpenSSL support at run time.
---
 racket/collects/openssl/mzssl.rkt | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/racket/collects/openssl/mzssl.rkt b/racket/collects/openssl/mzssl.rkt
index 63ed823d51..b46f4aa2a8 100644
--- a/racket/collects/openssl/mzssl.rkt
+++ b/racket/collects/openssl/mzssl.rkt
@@ -407,16 +407,23 @@ TO DO:
 ;; Log error only if *no* cert source exists (eg, on Debian/Ubuntu, default
 ;; cert file does not exist).
 (unless (or (ormap file-exists? cert-files) (ormap directory-exists? cert-dirs))
- (log-openssl-error
- "x509-root-sources: cert sources do not exist: ~s, ~s; ~a"
- cert-file0 cert-dirs0
- (format "override using ~a, ~a"
- (X509_get_default_cert_file_env)
- (X509_get_default_cert_dir_env))))
+ (set! complain-on-cert
+ (lambda ()
+ (log-openssl-error
+ "x509-root-sources: cert sources do not exist: ~s, ~s; ~a"
+ cert-file0 cert-dirs0
+ (format "override using ~a, ~a"
+ (X509_get_default_cert_file_env)
+ (X509_get_default_cert_dir_env))))))
 (log-openssl-debug "using cert sources: ~s, ~s" cert-files cert-dirs)
 (append cert-files (map (lambda (p) (list 'directory p)) cert-dirs))]
 [else null]))
+(define complain-on-cert void)
+(define (maybe-complain-on-cert)
+ (complain-on-cert)
+ (set! complain-on-cert void))
+
 (define ssl-default-verify-sources
 (make-parameter
 (case (system-type)
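Review bot: `(define complain-on-cert void)` is added below the form that assigns it, so if that enclosing form (its head is outside the hunk) is evaluated when the module is instantiated, the `(set! complain-on-cert ...)` in the `unless` branch runs before the variable is defined. Racket rejects assignment to a module-level variable before its definition, and even without that check the later `(define complain-on-cert void)` would discard the stored thunk, so on a host with no cert sources the module would either fail to load or never report the missing trust store. Moving `(define complain-on-cert void)` and `maybe-complain-on-cert` above the enclosing form avoids both outcomes. A short comment on the variable would also help, e.g. `;; One-shot deferred report that no x509 root source exists; run and cleared by the first caller that needs the defaults`.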
@@ -845,6 +852,7 @@ TO DO:
 [else (bad-source)]))
 (define (ssl-load-default-verify-sources! ctx)
+ (maybe-complain-on-cert)
 (for ([src (in-list (ssl-default-verify-sources))])
 (ssl-load-verify-source! ctx src #:try? #t)))
@@ -990,6 +998,7 @@ TO DO:
 (define context-cache #f)
 (define (ssl-secure-client-context)
+ (maybe-complain-on-cert)
 (let ([locs (ssl-default-verify-sources)])
 (define (reset)
 (let* ([now (current-seconds)]
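Review bot: In `ssl-load-default-verify-sources!` the complaint is emitted at most once per process and before `(ssl-default-verify-sources)` is read, so the log no longer tracks the trust store that is actually in use. If the parameter has been set to sources that do exist, the first call still logs that the default sources are missing; the same applies to the call added in `ssl-secure-client-context`. Conversely, once `maybe-complain-on-cert` has reset itself, later contexts built with no root sources produce no message, and the loader is invoked with `#:try? #t`, which presumably tolerates load failures. I would state that next to the call, e.g. `;; logged once per process; later contexts with no usable root sources are not reported again`, or compare the parameter's current value with the computed defaults before complaining. The body of `ssl-secure-client-context` continues outside the hunk.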