From 3afde9b297aae19cc0441ac7ed4320fa1af62594 Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Fri, 24 Jun 2016 16:19:48 +0200 Subject: [PATCH] rec: Initialize OpenSSL before chrooting When chroot()'ing into a 'bare' directory, /dev/random is not available. This means that OpenSSL cannot gather randomness and all validations will fail. Closes #3994 --- pdns/pdns_recursor.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index 66b12aaffa..84c5dfdb51 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -33,6 +33,7 @@ #include "recpacketcache.hh" #include "utility.hh" #include "dns_random.hh" +#include "opensslsigners.hh" #include #include #include @@ -2566,6 +2567,7 @@ int serviceMain(int argc, char*argv[]) showProductVersion(); seedRandom(::arg()["entropy-source"]); + g_disthashseed=dns_random(0xffffffff); loadRecursorLuaConfig(::arg()["lua-config-file"]); @@ -2710,6 +2712,9 @@ int serviceMain(int argc, char*argv[]) g_maxMThreads = ::arg().asNum("max-mthreads"); checkOrFixFDS(); + openssl_thread_setup(); + openssl_seed(); + int newgid=0; if(!::arg()["setgid"].empty()) newgid=Utility::makeGidNumeric(::arg()["setgid"]); -- 2.47.2
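Review bot: The `openssl_thread_setup(); openssl_seed();` calls added ahead of `int newgid=0;` in the third hunk carry an ordering requirement that the code does not state. Per the commit message they must run before the chroot, since a bare chroot directory has no /dev/random. A comment above them would stop a later reshuffle of serviceMain from moving them below the chroot and privilege-drop section and breaking validation again, e.g. `// Must stay before chroot(): OpenSSL needs /dev/random to seed, and a bare chroot has none.` The hunk does not show whether `openssl_seed()` can report a failed seeding; if it can, startup should fail there instead of continuing with an unseeded generator. serviceMain starts and ends outside the hunk, and the chroot call itself is not visible here.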