diff options
author | Noah Misch | 2020-07-25 21:50:59 +0000 |
---|---|---|
committer | Noah Misch | 2020-07-25 21:50:59 +0000 |
commit | ce4939ff70890fa658a4095b9fe457f8432b2575 (patch) | |
tree | bc883e4de05b523f755a8bca5795ab280d67bf8a | |
parent | 0a0727ccfc5f4e2926623abe877bdc0b5bfd682e (diff) |
Use RAND_poll() for seeding randomness after fork().
OpenSSL deprecated RAND_cleanup(), and OpenSSL 1.1.0 made it into a
no-op. Replace it with RAND_poll(), per an OpenSSL community
recommendation. While this has no user-visible consequences under
OpenSSL defaults, it might help under non-default settings.
Daniel Gustafsson, reviewed by David Steele and Michael Paquier.
Discussion: https://postgr.es/m/[email protected]
-rw-r--r-- | src/backend/postmaster/fork_process.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c index def3cee37e..15d6340800 100644 --- a/src/backend/postmaster/fork_process.c +++ b/src/backend/postmaster/fork_process.c @@ -109,10 +109,12 @@ fork_process(void) } /* - * Make sure processes do not share OpenSSL randomness state. + * Make sure processes do not share OpenSSL randomness state. This is + * no longer required in OpenSSL 1.1.1 and later versions, but until + * we drop support for version < 1.1.1 we need to do this. */ #ifdef USE_OPENSSL - RAND_cleanup(); + RAND_poll(); #endif } |