diff options
author | Max Romanov <max.romanov@nginx.com> | 2021-03-24 11:43:31 +0300 |
---|---|---|
committer | Max Romanov <max.romanov@nginx.com> | 2021-03-24 11:43:31 +0300 |
commit | f267dd0a8da280d2a803b61c9a309fe51d60d95a (patch) | |
tree | d9e3f4c077cc4e486b413c09a2e26d0ab2c82bf1 | |
parent | b04832da844d1c9e4ce7f7ff387059fbd07f78d3 (diff) | |
download | unit-f267dd0a8da280d2a803b61c9a309fe51d60d95a.tar.gz unit-f267dd0a8da280d2a803b61c9a309fe51d60d95a.tar.bz2 |
Workaround for an OpenSSL bug about not closing /dev/*random.
This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and
/dev/urandom files remain open after all listening sockets were removed:
- https://github.com/openssl/openssl/issues/7419
Diffstat (limited to '')
-rw-r--r-- | src/nxt_openssl.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c index 3c0212f7..835ca8b2 100644 --- a/src/nxt_openssl.c +++ b/src/nxt_openssl.c @@ -8,6 +8,7 @@ #include <openssl/ssl.h> #include <openssl/conf.h> #include <openssl/err.h> +#include <openssl/rand.h> typedef struct { @@ -355,6 +356,11 @@ fail: SSL_CTX_free(ctx); +#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ + && OPENSSL_VERSION_NUMBER < 0x1010101fL) + RAND_keep_random_devices_open(0); +#endif + return NXT_ERROR; } @@ -442,6 +448,11 @@ static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf) { SSL_CTX_free(conf->ctx); + +#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ + && OPENSSL_VERSION_NUMBER < 0x1010101fL) + RAND_keep_random_devices_open(0); +#endif } |