changeset 1556:545f6b150e2c HEAD
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 18 Jun 2003 04:12:32 +0300 |
parents | b566a1ba703e |
children | fa8322b3b7ec |
files | src/login-common/ssl-proxy-openssl.c |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
--- a/src/login-common/ssl-proxy-openssl.c Mon Jun 16 17:39:51 2003 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Wed Jun 18 04:12:32 2003 +0300
@@ -13,6 +13,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 
 #define SSL_CIPHER_LIST "ALL:!LOW"
 
@@ -403,6 +404,7 @@
 void ssl_proxy_init(void)
 {
 const char *certfile, *keyfile, *paramfile;
+ char buf;
 
 certfile = getenv("SSL_CERT_FILE");
 keyfile = getenv("SSL_KEY_FILE");
@@ -440,6 +442,11 @@
 if (SSL_CTX_need_tmp_RSA(ssl_ctx))
 SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 
+ /* PRNG initialization might want to use /dev/urandom, make sure it
+ does it before chrooting. */
+ if (RAND_bytes(&buf, 1) != 1)
+ i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
+
 ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
 ssl_initialized = TRUE;
 }
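Review bot: `buf` is declared as plain `char` in ssl_proxy_init(), but RAND_bytes() takes an `unsigned char *`, so the call in the last hunk passes a pointer of mismatched signedness; declaring it `unsigned char buf;` fixes that without changing behaviour. The forced seeding only protects the chrooted process if ssl_proxy_init() runs before the chroot and actually reaches this call. The lines between the declaration and the RAND_bytes() call are outside the hunks, so any early return there (for instance when no certificate is configured) would skip it and should be checked. I would also make the comment state the ordering requirement outright, e.g. `/* Must run before chroot: the PRNG may need to open /dev/urandom to seed itself. */`.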