ipc: run Net::SSLeay::randomize

Currently we don't use OpenSSL from child processes of parents which use OpenSSL, but we may in the future. So ensure OpenSSL initializes its PRNG after these forks to avoid one security pitfall down the line.
author: Eric Wong <e@80x24.org> 2021-10-01 09:54:40 +0000
committer: Eric Wong <e@80x24.org> 2021-10-01 12:06:30 +0000
commit: 5824d0d4ffac120a2840c980b4570868d6b3ea6b (patch)
tree: 9df7601b403fc545ee6c0484210690b5b2f58436 /lib/PublicInbox
parent: 361a5b0d5aa7f96117725bd8bb2bc0a168963148 (diff)
download: public-inbox-5824d0d4ffac120a2840c980b4570868d6b3ea6b.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm
index 3e29def8..205b5b92 100644
--- a/lib/PublicInbox/IPC.pm
+++ b/lib/PublicInbox/IPC.pm
@@ -103,6 +103,7 @@ sub ipc_worker_spawn {
          my $pid = fork // die "fork: $!";
          if ($pid == 0) {
                  srand($seed);
+                eval { Net::SSLeay::randomize() };
                  eval { PublicInbox::DS->Reset };
                  delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)};
                  $w_req = $r_res = undef;
@@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) {
          my $pid = fork // die "fork: $!";
          if ($pid == 0) {
                  srand($seed);
+                eval { Net::SSLeay::randomize() };
                  undef $bcast1;
                  eval { PublicInbox::DS->Reset };
                  delete @$self{qw(-wq_s1 -wq_ppid)};
author	Eric Wong <e@80x24.org>	2021-10-01 09:54:40 +0000
committer	Eric Wong <e@80x24.org>	2021-10-01 12:06:30 +0000
commit	5824d0d4ffac120a2840c980b4570868d6b3ea6b (patch)
tree	9df7601b403fc545ee6c0484210690b5b2f58436 /lib/PublicInbox
parent	361a5b0d5aa7f96117725bd8bb2bc0a168963148 (diff)
download	public-inbox-5824d0d4ffac120a2840c980b4570868d6b3ea6b.tar.gz