Changelog
Daniel Stenberg (1 Aug 2009)
+- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
+ only in some OpenSSL installs - like on Windows) isn't thread-safe and we
+ agreed that moving it to the global_init() function is a decent way to deal
+ with this situation.
+
- Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if a proxy environment variable was set.
o fix leak in gtls code
o missing algorithms in libcurl+OpenSSL
o with noproxy set you could still get a proxy if a proxy env was set
+ o rand seeding on libcurl on windows built with OpenSSL was not thread-safe
This release includes the following known bugs:
Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg,
Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg,
Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter,
- Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie
+ Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie,
+ Tanguy Fautre
Thanks! (and sorry if I forgot to mention someone)
249 - Wildcard cert name checking and null termination
-250 - RAND_screen() fix
-
251 - TFTP block size
252 - disable SNI for SSLv2 and SSLv3
/* If we get here, it means we need to seed the PRNG using a "silly"
approach! */
#ifdef HAVE_RAND_SCREEN
- /* This one gets a random value by reading the currently shown screen */
- RAND_screen();
+ /* if RAND_screen() is present, it was called during global init */
nread = 100; /* just a value */
#else
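Review bot: In the HAVE_RAND_SCREEN branch the seeding path no longer gathers anything itself, yet it still assigns `nread = 100` ("just a value"), so it proceeds as if seeding had happened purely on the assumption stated in the new comment. Nothing in this branch verifies that the init function actually ran RAND_screen() first. Consider having the init path record that the call was made and checking that flag here, falling back to the #else seeding when it was not, and reword the comment to say explicitly that this branch depends on the init call.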
{
OpenSSL_add_all_algorithms();
+#ifdef HAVE_RAND_SCREEN
+ /* This one gets a random value by reading the currently shown screen.
+ RAND_screen() is not thread-safe according to OpenSSL devs - although not
+ mentioned in documentation. */
+ RAND_screen();
+#endif
+
return 1;
}
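Review bot: The comment added above RAND_screen() says the call is not thread-safe but does not say why calling it at this point is acceptable. The safety rests entirely on this init function running once, before any other thread uses the library, and only the changelog entry explains that reasoning. State the requirement in the comment itself and in the documentation of the global init function. It is also worth noting there that on builds with HAVE_RAND_SCREEN the screen read now happens for every program that initialises the library, whether or not it goes on to use SSL.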