diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2009-08-01 11:09:02 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2009-08-01 11:09:02 +0000 |
| commit | 0dce2ff8a09065b2be2a3531f498006906c81db5 (patch) | |
| tree | ef97cbf066d5485ee1bdb7ce5cbabc6ccb780485 | |
| parent | 2642638fcae2c51a3407f0af6a90b3c6aca895f5 (diff) | |
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
agreed that moving it to the global_init() function is a decent way to deal
with this situation.
| -rw-r--r-- | CHANGES | 5 | ||||
| -rw-r--r-- | RELEASE-NOTES | 4 | ||||
| -rw-r--r-- | TODO-RELEASE | 2 | ||||
| -rw-r--r-- | lib/ssluse.c | 10 |
4 files changed, 16 insertions, 5 deletions
@@ -7,6 +7,11 @@ Changelog Daniel Stenberg (1 Aug 2009) +- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present + only in some OpenSSL installs - like on Windows) isn't thread-safe and we + agreed that moving it to the global_init() function is a decent way to deal + with this situation. + - Alexander Beedie provided the patch for a noproxy problem: If I have set CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually could still end up using a proxy if a proxy environment variable was set. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index b715d5aef..bd5700f77 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -39,6 +39,7 @@ This release includes the following bugfixes: o fix leak in gtls code o missing algorithms in libcurl+OpenSSL o with noproxy set you could still get a proxy if a proxy env was set + o rand seeding on libcurl on windows built with OpenSSL was not thread-safe This release includes the following known bugs: @@ -51,6 +52,7 @@ advice from friends like these: Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg, Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg, Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter, - Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie + Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie, + Tanguy Fautre Thanks! (and sorry if I forgot to mention someone) diff --git a/TODO-RELEASE b/TODO-RELEASE index 513ad81cd..ad1e24f54 100644 --- a/TODO-RELEASE +++ b/TODO-RELEASE @@ -5,8 +5,6 @@ To be addressed in 7.19.6 (planned release: August 2009) 249 - Wildcard cert name checking and null termination -250 - RAND_screen() fix - 251 - TFTP block size 252 - disable SNI for SSLv2 and SSLv3 diff --git a/lib/ssluse.c b/lib/ssluse.c index 2365d5283..ffc1fbd96 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -225,8 +225,7 @@ static int ossl_seed(struct SessionHandle *data) /* If we get here, it means we need to seed the PRNG using a "silly" approach! */ #ifdef HAVE_RAND_SCREEN - /* This one gets a random value by reading the currently shown screen */ - RAND_screen(); + /* if RAND_screen() is present, it was called during global init */ nread = 100; /* just a value */ #else { @@ -642,6 +641,13 @@ int Curl_ossl_init(void) OpenSSL_add_all_algorithms(); +#ifdef HAVE_RAND_SCREEN + /* This one gets a random value by reading the currently shown screen. + RAND_screen() is not thread-safe according to OpenSSL devs - although not + mentioned in documentation. */ + RAND_screen(); +#endif + return 1; } |