From 1c1560f6ca8b20f5b2d3465e6fd688c78d3c63d4 Mon Sep 17 00:00:00 2001
From: Yihong Wu <54519668+domosekai@users.noreply.github.com>
Date: Fri, 17 Dec 2021 19:06:55 +0800
Subject: [PATCH] Apply security level override in azure client mode
---
 src/Cedar/AzureClient.c | 2 ++
 src/Mayaqua/Network.c | 14 +++++++-------
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/Cedar/AzureClient.c b/src/Cedar/AzureClient.c
index ea6a966c..67d8b7bd 100644
--- a/src/Cedar/AzureClient.c
+++ b/src/Cedar/AzureClient.c
@@ -103,6 +103,8 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
 SetTimeout(ns, param->DataTimeout);
+ Copy(&ns->SslAcceptSettings, &ac->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
+
 if (StartSSLEx(ns, NULL, NULL, 0, NULL))
 {
 // Check certification
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index 6370f5e7..6351a869 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -11719,13 +11719,6 @@ bool StartSSLEx2(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 }
 #endif // SSL_OP_NO_TLSv1_3
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- if (sock->SslAcceptSettings.Override_Security_Level)
- {
- SSL_CTX_set_security_level(ssl_ctx, sock->SslAcceptSettings.Override_Security_Level_Value);
- }
-#endif
-
 Unlock(openssl_lock);
 if (chain == NULL)
 {
@@ -11748,6 +11741,13 @@ bool StartSSLEx2(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 Lock(openssl_lock);
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (sock->SslAcceptSettings.Override_Security_Level)
+ {
+ SSL_CTX_set_security_level(ssl_ctx, sock->SslAcceptSettings.Override_Security_Level_Value);
+ }
+#endif
+
 sock->ssl = SSL_new(ssl_ctx);
 SSL_set_fd(sock->ssl, (int)sock->socket);
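Review bot: The added `Copy(...)` in AcWaitForRequest copies the whole `SSL_ACCEPT_SETTINGS` struct onto the relayed socket, not only the security-level fields the commit title mentions, and no comment says so. Every setting the struct carries now governs these sessions; the Network.c hunks show only `Override_Security_Level` and `Override_Security_Level_Value`, so the full set should be confirmed against the struct definition. I would add `// Relayed sessions inherit the server's TLS accept policy, including any security level override` above the call, and size the copy from the destination with `sizeof(ns->SslAcceptSettings)` so the length cannot drift from the field's type. The function starts and ends outside the hunk, so whether `ac->Cedar` is already known to be non-NULL at this point cannot be seen here.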
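Review bot: At its new position in StartSSLEx2, after the closing brace that follows `Lock(openssl_lock);`, the override block appears to run for every caller rather than only on the path it was removed from, and nothing in the code states that this is intended. An override below the library default relaxes the ciphers OpenSSL will negotiate and the key sizes and signature algorithms it accepts in the peer's certificate chain, so on outbound connections it weakens what the remote side has to satisfy. I would put a comment above the `#if`, for example `// Applied in server and client mode alike; a lowered level also relaxes the checks on the peer's certificate chain`, and consider logging when `Override_Security_Level_Value` is below the default so the downgrade is visible to operators. The branch structure around the block lies outside the hunk, so the server/client reading is inferred from the commit title.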