Mercurial > dovecot > original-hg > dovecot-1.2

changeset 1556:545f6b150e2c HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
author Timo Sirainen <tss@iki.fi>
date Wed, 18 Jun 2003 04:12:32 +0300
parents b566a1ba703e
children fa8322b3b7ec
files src/login-common/ssl-proxy-openssl.c
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/login-common/ssl-proxy-openssl.c	Mon Jun 16 17:39:51 2003 +0300
+++ b/src/login-common/ssl-proxy-openssl.c	Wed Jun 18 04:12:32 2003 +0300
@@ -13,6 +13,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 
 #define SSL_CIPHER_LIST "ALL:!LOW"
 
@@ -403,6 +404,7 @@
 void ssl_proxy_init(void)
 {
 	const char *certfile, *keyfile, *paramfile;
+	char buf;
 
 	certfile = getenv("SSL_CERT_FILE");
 	keyfile = getenv("SSL_KEY_FILE");
@@ -440,6 +442,11 @@
 	if (SSL_CTX_need_tmp_RSA(ssl_ctx))
 		SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 
+	/* PRNG initialization might want to use /dev/urandom, make sure it
+	   does it before chrooting. */
+	if (RAND_bytes(&buf, 1) != 1)
+		i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
+
         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
 	ssl_initialized = TRUE;
 }