From 8d0a4f99e154c3cbee914f66a7a2ef20ebc837f5 Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Tue, 24 Nov 2009 15:55:03 +0100
Subject: [PATCH] Add check for OpenSSL entropy status
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

By checking for this explicitly, the errors (SSLEAY_RAND_BYTES, βPRNG not seededβ) will happen in the start-up phase of the daemon and not only when executing remote procedure calls.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
 lib/http/__init__.py | 13 +++++++++++++
 lib/rpc.py | 2 ++
 2 files changed, 15 insertions(+)
diff --git a/lib/http/__init__.py b/lib/http/__init__.py
index c98fa586d..a1f5e86ed 100644
--- lib/http/__init__.py
+++ b/lib/http/__init__.py
@@ -545,6 +545,19 @@ def Handshake(sock, write_timeout):
 raise HttpError("Error in SSL handshake: %s" % err)
+def InitSsl():
+ """Initializes the SSL infrastructure.
+
+ This function is idempotent.
+
+ """
+ if not OpenSSL.rand.status():
+ raise EnvironmentError("OpenSSL could not collect enough entropy"
+ " for the PRNG")
+
+ # TODO: Maybe add some additional seeding for OpenSSL's PRNG
+
+
 class HttpSslParams(object):
 """Data class for SSL key and certificate.
diff --git a/lib/rpc.py b/lib/rpc.py
index edcb9d7e7..f354a418c 100644
--- lib/rpc.py
+++ b/lib/rpc.py
@@ -59,6 +59,8 @@ def Init():
 assert not _http_manager, "RPC module initialized more than once"
+ http.InitSsl()
+
 _http_manager = http.client.HttpClientManager()
-- GitLab
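Review bot: The docstring of `InitSsl()` says it is idempotent but not that it raises, and a daemon's start-up code needs that to turn the failure into a clear log message and exit. I would add `@raise EnvironmentError: if OpenSSL reports that its PRNG is not seeded` to the docstring (assuming the epydoc style used elsewhere in the tree). `OpenSSL.rand.status()` is also a snapshot taken once in the calling process, so it says nothing about processes started or forked later. The TODO about extra seeding would be more useful if it named that case.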
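Review bot: In the lines shown, `http.InitSsl()` is called only from `rpc.Init()`, so a daemon that serves SSL through lib/http without initialising the RPC client would presumably still hit the unseeded-PRNG error late, which is what the commit message sets out to avoid. If such daemons exist, the check should also be called from their start-up path or from the server-side SSL setup. `Init()` starts above the hunk, so its docstring is not visible, but it should now say that `EnvironmentError` can propagate from it, e.g. `@raise EnvironmentError: if the OpenSSL PRNG is not seeded`.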