Commit 8d0a4f99 authored by Michael Hanselmann

Add check for OpenSSL entropy status



By checking for this explicitly, the errors (SSLEAY_RAND_BYTES, “PRNG
not seeded”) will happen in the start-up phase of the daemon and not
only when executing remote procedure calls.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
parent 20b1bd80
......@@ -545,6 +545,19 @@ def Handshake(sock, write_timeout):
raise HttpError("Error in SSL handshake: %s" % err)
def InitSsl():
"""Initializes the SSL infrastructure.
This function is idempotent.
"""
if not OpenSSL.rand.status():
raise EnvironmentError("OpenSSL could not collect enough entropy"
" for the PRNG")
# TODO: Maybe add some additional seeding for OpenSSL's PRNG
class HttpSslParams(object):
"""Data class for SSL key and certificate.
......
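Review bot: The InitSsl() docstring says only that the function is idempotent and does not mention that it now raises EnvironmentError when OpenSSL.rand.status() reports an unseeded PRNG; please document the exception so callers know start-up can fail here. The message "OpenSSL could not collect enough entropy for the PRNG" also gives the operator no hint about what to check on the host, so a short pointer to the system entropy source would help. On the TODO: if extra seeding is added later, keep the status check after it, so that the seeding supplements the check rather than replacing it.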
......@@ -59,6 +59,8 @@ def Init():
assert not _http_manager, "RPC module initialized more than once"
http.InitSsl()
_http_manager = http.client.HttpClientManager()
......
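Review bot: http.InitSsl() can now raise EnvironmentError inside Init(), and nothing visible in this hunk catches it or documents it. Letting it propagate matches the commit message's intent of failing during daemon start-up, but Init() should state in its docstring that it may raise, and the daemon entry point should turn the exception into a clear fatal log line instead of a bare traceback. Calling InitSsl() before assigning _http_manager is the right order, since a failure leaves the module uninitialized and the assert on the first line still holds on a retry.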