summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorMax Romanov <max.romanov@nginx.com>2021-03-24 11:43:31 +0300
committerMax Romanov <max.romanov@nginx.com>2021-03-24 11:43:31 +0300
commitf267dd0a8da280d2a803b61c9a309fe51d60d95a (patch)
treed9e3f4c077cc4e486b413c09a2e26d0ab2c82bf1 /src
parentb04832da844d1c9e4ce7f7ff387059fbd07f78d3 (diff)
downloadunit-f267dd0a8da280d2a803b61c9a309fe51d60d95a.tar.gz
unit-f267dd0a8da280d2a803b61c9a309fe51d60d95a.tar.bz2
Workaround for an OpenSSL bug about not closing /dev/*random.
This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and /dev/urandom files remain open after all listening sockets were removed: - https://github.com/openssl/openssl/issues/7419
Diffstat (limited to '')
-rw-r--r--src/nxt_openssl.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
index 3c0212f7..835ca8b2 100644
--- a/src/nxt_openssl.c
+++ b/src/nxt_openssl.c
@@ -8,6 +8,7 @@
#include <openssl/ssl.h>
#include <openssl/conf.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
typedef struct {
@@ -355,6 +356,11 @@ fail:
SSL_CTX_free(ctx);
+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
+ && OPENSSL_VERSION_NUMBER < 0x1010101fL)
+ RAND_keep_random_devices_open(0);
+#endif
+
return NXT_ERROR;
}
@@ -442,6 +448,11 @@ static void
nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
{
SSL_CTX_free(conf->ctx);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
+ && OPENSSL_VERSION_NUMBER < 0x1010101fL)
+ RAND_keep_random_devices_open(0);
+#endif
}