From: Pieter Lexis
Date: Fri, 24 Jun 2016 14:19:48 +0000 (+0200)
Subject: rec: Initialize OpenSSL before chrooting
X-Git-Tag: rec-4.0.0~34^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3afde9b297aae19cc0441ac7ed4320fa1af62594;p=thirdparty%2Fpdns.git
rec: Initialize OpenSSL before chrooting
When chroot()'ing into a 'bare' directory, /dev/random is not available. This means that OpenSSL cannot gather randomness and all validations will fail. Closes #3994
---
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 66b12aaffa..84c5dfdb51 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -33,6 +33,7 @@
 #include "recpacketcache.hh"
 #include "utility.hh"
 #include "dns_random.hh"
+#include "opensslsigners.hh"
 #include
 #include
 #include
@@ -2566,6 +2567,7 @@ int serviceMain(int argc, char*argv[])
 showProductVersion(); seedRandom(::arg()["entropy-source"]); + g_disthashseed=dns_random(0xffffffff); loadRecursorLuaConfig(::arg()["lua-config-file"]);
@@ -2710,6 +2712,9 @@ int serviceMain(int argc, char*argv[])
 g_maxMThreads = ::arg().asNum("max-mthreads"); checkOrFixFDS(); + openssl_thread_setup(); + openssl_seed(); + int newgid=0; if(!::arg()["setgid"].empty()) newgid=Utility::makeGidNumeric(::arg()["setgid"]);
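Review bot: The two calls added after `checkOrFixFDS();` in the third hunk carry an ordering constraint that only the commit message explains, so a later reshuffle of serviceMain could move them below the chroot and quietly bring back the failed validations. A comment directly above them would pin this, e.g. `// Must run before chroot(): a bare chroot has no /dev/random for OpenSSL to gather entropy from`. Neither call's outcome is checked here; if `openssl_seed()` can leave the generator short of entropy (its definition is not part of this diff), consider confirming with `RAND_status()` and refusing to start rather than validating with an unseeded PRNG. serviceMain begins and ends outside the hunk, and the chroot call itself is not visible, so the relative ordering is taken from the commit message.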