rec: Initialize OpenSSL before chrooting
authorPieter Lexis <pieter.lexis@powerdns.com>
Fri, 24 Jun 2016 14:19:48 +0000 (16:19 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Sat, 25 Jun 2016 14:21:41 +0000 (16:21 +0200)
When chroot()'ing into a 'bare' directory, /dev/random is not available.
This means that OpenSSL cannot gather randomness and all validations
will fail.

Closes #3994

pdns/pdns_recursor.cc

index 66b12aaffa7505070561b3e193de95a281ef244b..84c5dfdb510fd78d88a43a605340fc06867cef61 100644 (file)
@@ -33,6 +33,7 @@
 #include "recpacketcache.hh"
 #include "utility.hh"
 #include "dns_random.hh"
+#include "opensslsigners.hh"
 #include <iostream>
 #include <errno.h>
 #include <boost/static_assert.hpp>
@@ -2566,6 +2567,7 @@ int serviceMain(int argc, char*argv[])
 
   showProductVersion();
   seedRandom(::arg()["entropy-source"]);
+
   g_disthashseed=dns_random(0xffffffff);
 
   loadRecursorLuaConfig(::arg()["lua-config-file"]);
@@ -2710,6 +2712,9 @@ int serviceMain(int argc, char*argv[])
   g_maxMThreads = ::arg().asNum("max-mthreads");
   checkOrFixFDS();
 
+  openssl_thread_setup();
+  openssl_seed();
+
   int newgid=0;
   if(!::arg()["setgid"].empty())
     newgid=Utility::makeGidNumeric(::arg()["setgid"]);
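Review bot: The added calls `openssl_thread_setup();` and `openssl_seed();` only help because they run ahead of the chroot, but nothing at this spot records that ordering requirement, and the chroot call itself sits further down serviceMain, outside this hunk. I would put a comment directly above them, e.g. `// Must stay before chroot(): a bare chroot has no /dev/random, so OpenSSL cannot seed itself afterwards`, so that a later reshuffle of the startup sequence does not silently bring back the failing validations from #3994. Neither call's outcome is inspected here; if `openssl_seed()` can leave the generator unseeded, a `RAND_status()` check that logs and aborts startup would surface the problem immediately instead of as validation failures at query time.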