generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present

Browse Source 
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
  agreed that moving it to the global_init() function is a decent way to deal
  with this situation.
This commit is contained in:
Daniel Stenberg
2009-08-01 11:09:02 +00:00
parent 2642638fca
commit 0dce2ff8a0
4 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -7,6 +7,11 @@
Changelog Changelog
Daniel Stenberg (1 Aug 2009) Daniel Stenberg (1 Aug 2009)
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
agreed that moving it to the global_init() function is a decent way to deal
with this situation.
- Alexander Beedie provided the patch for a noproxy problem: If I have set - Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if a proxy environment variable was set. could still end up using a proxy if a proxy environment variable was set.

4
RELEASE-NOTES
View File

@@ -39,6 +39,7 @@ This release includes the following bugfixes:
o fix leak in gtls code o fix leak in gtls code
o missing algorithms in libcurl+OpenSSL o missing algorithms in libcurl+OpenSSL
o with noproxy set you could still get a proxy if a proxy env was set o with noproxy set you could still get a proxy if a proxy env was set
o rand seeding on libcurl on windows built with OpenSSL was not thread-safe
This release includes the following known bugs: This release includes the following known bugs:
@@ -51,6 +52,7 @@ advice from friends like these:
Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg, Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg,
Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg, Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg,
Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter, Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter,
Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie,
Tanguy Fautre
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

2
TODO-RELEASE
View File

@@ -5,8 +5,6 @@ To be addressed in 7.19.6 (planned release: August 2009)
249 - Wildcard cert name checking and null termination 249 - Wildcard cert name checking and null termination
250 - RAND_screen() fix
251 - TFTP block size 251 - TFTP block size
252 - disable SNI for SSLv2 and SSLv3 252 - disable SNI for SSLv2 and SSLv3

10
lib/ssluse.c
View File

@@ -225,8 +225,7 @@ static int ossl_seed(struct SessionHandle *data)
/* If we get here, it means we need to seed the PRNG using a "silly" /* If we get here, it means we need to seed the PRNG using a "silly"
approach! */ approach! */
#ifdef HAVE_RAND_SCREEN #ifdef HAVE_RAND_SCREEN
/* This one gets a random value by reading the currently shown screen */ /* if RAND_screen() is present, it was called during global init */
RAND_screen();
nread = 100; /* just a value */ nread = 100; /* just a value */
#else #else
{ {
@@ -642,6 +641,13 @@ int Curl_ossl_init(void)
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
#ifdef HAVE_RAND_SCREEN
/* This one gets a random value by reading the currently shown screen.
RAND_screen() is not thread-safe according to OpenSSL devs - although not
mentioned in documentation. */
RAND_screen();
#endif
return 1; return 1;
} }