From 5824d0d4ffac120a2840c980b4570868d6b3ea6b Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Fri, 1 Oct 2021 09:54:40 +0000
Subject: ipc: run Net::SSLeay::randomize

Currently we don't use OpenSSL from child processes of parents which use OpenSSL, but we may in the future. So ensure OpenSSL initializes its PRNG after these forks to avoid one security pitfall down the line.
---
 lib/PublicInbox/IPC.pm | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'lib/PublicInbox')
diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm
index 3e29def8..205b5b92 100644
--- a/lib/PublicInbox/IPC.pm
+++ b/lib/PublicInbox/IPC.pm
@@ -103,6 +103,7 @@ sub ipc_worker_spawn {
 my $pid = fork // die "fork: $!";
 if ($pid == 0) {
 srand($seed);
+ eval { Net::SSLeay::randomize() };
 eval { PublicInbox::DS->Reset };
 delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)};
 $w_req = $r_res = undef;
@@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) {
 my $pid = fork // die "fork: $!";
 if ($pid == 0) {
 srand($seed);
+ eval { Net::SSLeay::randomize() };
 undef $bcast1;
 eval { PublicInbox::DS->Reset };
 delete @$self{qw(-wq_s1 -wq_ppid)};
--
cgit v1.2.3-24-ge0c7
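Review bot: The added `eval { Net::SSLeay::randomize() };` in the child branch of ipc_worker_spawn throws away `$@`, so a worker where Net::SSLeay is loaded but the reseed fails is indistinguishable from one where the module is simply not loaded. Depending on the OpenSSL version, such a child may keep using PRNG state copied from the parent at fork time, which is the pitfall the commit message sets out to avoid. I would keep the call best-effort only for the not-loaded case and report real failures, e.g. `if (defined(&Net::SSLeay::randomize)) { eval { Net::SSLeay::randomize(); 1 } or warn "Net::SSLeay::randomize: $@" }`, with a comment such as `# reseed OpenSSL's PRNG in the child; must run after srand($seed)`. The identical line is added in _wq_worker_start in the second hunk, so a small shared post-fork helper would keep the two fork paths (and any later one) from drifting apart. Both function bodies start and end outside the hunks, so where `$seed` is generated cannot be checked from here.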