Workaround for an OpenSSL bug about not closing /dev/*random.

This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and
/dev/urandom files remain open after all listening sockets have been removed:

 - https://github.com/openssl/openssl/issues/7419
Max Romanov
2021-03-24 11:43:31 +03:00
parent b04832da84
commit f267dd0a8d


@@ -8,6 +8,7 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rand.h>
typedef struct { typedef struct {
@@ -355,6 +356,11 @@ fail:
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
&& OPENSSL_VERSION_NUMBER < 0x1010101fL)
RAND_keep_random_devices_open(0);
#endif
return NXT_ERROR; return NXT_ERROR;
} }
@@ -442,6 +448,11 @@ static void
nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf) nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
{ {
SSL_CTX_free(conf->ctx); SSL_CTX_free(conf->ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
&& OPENSSL_VERSION_NUMBER < 0x1010101fL)
RAND_keep_random_devices_open(0);
#endif
} }
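Review bot: The `RAND_keep_random_devices_open(0)` call added after `SSL_CTX_free` in the `fail:` path and again in `nxt_openssl_server_free` has no comment saying why it is there or when it can go, and the two copies repeat the same version-bounded `#if`. I would put above each call `/* Workaround for openssl/openssl#7419: OpenSSL 1.1.1 leaves /dev/random and /dev/urandom open after the context is freed; drop once 1.1.1 is no longer supported. */`, and since this appears to be a process-wide RAND setting rather than per-context cleanup, folding both guarded blocks into one small static helper would keep the version bounds in a single place. The upper bound `0x1010101fL` presumably marks the first 1.1.1 patch release with the upstream fix; that is worth confirming against the OpenSSL changelog rather than leaving it implicit in the constant. The function containing the `fail:` label starts outside its hunk, and the trailing context of the last hunk may extend past what is shown here.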