fix static-init ordering issue preventing ssl_certificates from being read at startup

panda/src/express/config_express.cxx

@@ -69,22 +69,6 @@ ConfigVariableBool collect_tcp
 ConfigVariableDouble collect_tcp_interval
 ("collect-tcp-interval", 0.2);
 
-ConfigVariableFilename ca_bundle_filename
-("ca-bundle-filename", "",
- PRC_DESC("This names the certificate authority file for OpenSSL "
-          "to use to verify whether SSL certificates are trusted or not.  "
-          "The file named by this setting should contain one or more "
-          "PEM-formatted certificates from trusted certificate "
-          "authorities.  This is a fairly standard file; a copy of "
-          "ca-bundle.crt is included in the OpenSSL distribution, and "
-          "is also included with Panda."));
-
-ConfigVariableList ssl_certificates
-("ssl-certificates",
- PRC_DESC("This variable lists additional filenames, on top of the file "
-          "named by ca-bundle-filename, that contain trusted SSL "
-          "certificates or certificate authorities."));
-
 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress
 //  Description: Initializes the library.  This must be called at

panda/src/express/config_express.h

@@ -53,8 +53,6 @@ extern ConfigVariableBool keep_temporary_files;
 
 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
-extern ConfigVariableFilename ca_bundle_filename;
-extern ConfigVariableList ssl_certificates;
 
 // Expose the Config variable for Python access.
 BEGIN_PUBLISH

panda/src/express/openSSLWrapper.cxx

@@ -44,10 +44,26 @@ OpenSSLWrapper() {
   load_certificates_from_der_ram((const char *)ca_bundle_data, ca_bundle_data_len);
 
   // Load in any default certificates listed in the Config.prc file.
+  ConfigVariableFilename ca_bundle_filename
+    ("ca-bundle-filename", "",
+     PRC_DESC("This names the certificate authority file for OpenSSL "
+              "to use to verify whether SSL certificates are trusted or not.  "
+              "The file named by this setting should contain one or more "
+              "PEM-formatted certificates from trusted certificate "
+              "authorities.  This is a fairly standard file; a copy of "
+              "ca-bundle.crt is included in the OpenSSL distribution, and "
+              "is also included with Panda."));
+  
   if (!ca_bundle_filename.empty()) {
     load_certificates(ca_bundle_filename);
   }
 
+  ConfigVariableList ssl_certificates
+    ("ssl-certificates",
+     PRC_DESC("This variable lists additional filenames, on top of the file "
+              "named by ca-bundle-filename, that contain trusted SSL "
+              "certificates or certificate authorities."));
+
   int num_certs = ssl_certificates.get_num_unique_values();
   for (int ci = 0; ci < num_certs; ci++) {
     string cert_file = ssl_certificates.get_unique_value(ci);