From a9b66ae18138b1e42e2f96108d79b474205c2017 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Wed, 23 Oct 2019 04:23:46 -0400
Subject: don't drop privs until after reading tls identity file

---
 src/cmd/server.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/cmd/server.rs b/src/cmd/server.rs
index 8acd011..d10bb49 100644
--- a/src/cmd/server.rs
+++ b/src/cmd/server.rs
@@ -117,13 +117,13 @@ fn create_server_tls(
     uid: Option<users::uid_t>,
     gid: Option<users::gid_t>,
 ) -> Box<dyn futures::future::Future<Item = (), Error = Error> + Send> {
-    let listener = match listen(address, uid, gid) {
-        Ok(listener) => listener,
+    let tls_acceptor = match accept_tls(tls_identity_file) {
+        Ok(acceptor) => acceptor,
         Err(e) => return Box::new(futures::future::err(e)),
     };
 
-    let tls_acceptor = match accept_tls(tls_identity_file) {
-        Ok(acceptor) => acceptor,
+    let listener = match listen(address, uid, gid) {
+        Ok(listener) => listener,
         Err(e) => return Box::new(futures::future::err(e)),
     };
 
-- 
cgit v1.2.3-54-g00ecf