aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES5
-rw-r--r--RELEASE-NOTES4
-rw-r--r--TODO-RELEASE2
-rw-r--r--lib/ssluse.c10
4 files changed, 16 insertions, 5 deletions
diff --git a/CHANGES b/CHANGES
index 6d7b833e8..d2b194ffb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@
Changelog
Daniel Stenberg (1 Aug 2009)
+- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
+ only in some OpenSSL installs - like on Windows) isn't thread-safe and we
+ agreed that moving it to the global_init() function is a decent way to deal
+ with this situation.
+
- Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if a proxy environment variable was set.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index b715d5aef..bd5700f77 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -39,6 +39,7 @@ This release includes the following bugfixes:
o fix leak in gtls code
o missing algorithms in libcurl+OpenSSL
o with noproxy set you could still get a proxy if a proxy env was set
+ o rand seeding on libcurl on windows built with OpenSSL was not thread-safe
This release includes the following known bugs:
@@ -51,6 +52,7 @@ advice from friends like these:
Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg,
Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg,
Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter,
- Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie
+ Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie,
+ Tanguy Fautre
Thanks! (and sorry if I forgot to mention someone)
diff --git a/TODO-RELEASE b/TODO-RELEASE
index 513ad81cd..ad1e24f54 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -5,8 +5,6 @@ To be addressed in 7.19.6 (planned release: August 2009)
249 - Wildcard cert name checking and null termination
-250 - RAND_screen() fix
-
251 - TFTP block size
252 - disable SNI for SSLv2 and SSLv3
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 2365d5283..ffc1fbd96 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -225,8 +225,7 @@ static int ossl_seed(struct SessionHandle *data)
/* If we get here, it means we need to seed the PRNG using a "silly"
approach! */
#ifdef HAVE_RAND_SCREEN
- /* This one gets a random value by reading the currently shown screen */
- RAND_screen();
+ /* if RAND_screen() is present, it was called during global init */
nread = 100; /* just a value */
#else
{
@@ -642,6 +641,13 @@ int Curl_ossl_init(void)
OpenSSL_add_all_algorithms();
+#ifdef HAVE_RAND_SCREEN
+ /* This one gets a random value by reading the currently shown screen.
+ RAND_screen() is not thread-safe according to OpenSSL devs - although not
+ mentioned in documentation. */
+ RAND_screen();
+#endif
+
return 1;
}