On Fri, Dec 21, 2012 at 10:27 PM, Noah Misch <noah(at)leadboat(dot)com> wrote:
> How about instead calling RAND_cleanup() after each backend fork?
Attached is a patch that adds RAND_cleanup() to fork_process().
That way all forked processes start with fresh state. This should
make sure the problem does not happen in any processes
forked by postmaster.
Alternative is to put RAND_cleanup() to BackendInitialize() so only
new backends start with fresh state.
Another alternative is to put RAND_cleanup() after SSL_accept(),
that way core code sees no change, but other OpenSSL users
in backend operate securely.
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2013-01-13 22:46:12|
|Subject: Re: pgcrypto seeding problem when ssl=on|
|Previous:||From: Tom Lane||Date: 2013-01-13 21:43:28|
|Subject: Re: count(*) of zero rows returns 1|