Repositories - haproxy-2.5.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Wed, 19 May 2021 13:35:29 +0000 (15:35 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Fri, 18 Jun 2021 14:42:25 +0000 (16:42 +0200)
commit	c593bcdb434b6af6a20225e5aec74bc11558e32e
tree	2d6c082c95f25061a200ff270b64e03c73a724b0	tree \| snapshot
parent	b11ad9ed6194fb2edb035a4eb2bc4db4011db4fc	commit \| diff

MINOR: ssl: always initialize random generator

Explicitly call ssl_initialize_random to initialize the random generator
in init() global function. If the initialization fails, the startup is
interrupted.

This commit is in preparation for support of ssl on dynamic servers. To
be able to activate ssl on dynamic servers, it is necessary to ensure
that the random generator is initialized on startup regardless of the
config. It cannot be called at runtime as access to /dev/urandom is
required.

This also has the effect to fix the previous non-consistent behavior.
Indeed, if bind or server in the config are using ssl, the
initialization function was called, and if it failed, the startup was
interrupted. Otherwise, the ssl initialization code could have been
called through the ssl server for lua, but this times without blocking
the startup on error. Or not called at all if lua was deactivated.

include/haproxy/ssl_sock.h		diff \| blob \| history
src/haproxy.c		diff \| blob \| history
src/ssl_sock.c		diff \| blob \| history