Hi Robert,

> Hi William,
> 
> Thanks for your input. I've included a patch below against current master
> that I hope conforms to the contribution guidelines well enough. :)
>

Could you send it to us as an attachment or using git-send-email, because
your mailer seems to mess with the whitespace and tabs in the patch?
Also add a line at the end of the commit message indicating to which version
this patch should be backported. Thanks!

> A couple of thoughts on my work:
> 
> * Having to include a file directly from OpenSSL seems unfortunate, but OK in
>   the context of the preprocessor guard
> * The comment is perhaps redundant, but I don't think the side effect of the
>   OpenSSL function is obvious from its name otherwise

Fine by me.

> * My reading of RAND_keep_random_devices_open is that it expects OpenSSL
>   rand_lib initialisation to have occurred already, and it will do it if not.
>   So it seems possible that this function call could incur some delays if
>   rand_lib is not yet initialised and the entropy sources cause delay, etc.
>   However, I don't know how big a concern that is. Any thoughts?

In this case you could check the variables global.ssl_used_frontend &&
global.ssl_used_backend to ensure that SSL was used in the configuration.
When those variables are not set, the random is not initialized. 

Regards,

-- 
William Lallemand
