Don't try to read the whole of the random file because when /dev/urandom is

used, it slows initialization too much reading an infinitely long file!

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 0a6868d513d45e9a0bbcc765198bd868c83195ff..ed4ecf2051a966c268afe8f3c4b2a1cb44bac0c7 100644 (file)
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -169,7 +169,7 @@ int random_the_seed(struct SessionHandle *data)
     /* let the option override the define */
     nread += RAND_load_file((data->set.ssl.random_file?
                              data->set.ssl.random_file:RANDOM_FILE),
-                            -1); /* -1 to read the entire file */
+                            16384); /* bounded size in case it's /dev/urandom */
     if(seed_enough(nread))
       return nread;
   }
@@ -231,7 +231,7 @@ int random_the_seed(struct SessionHandle *data)
   RAND_file_name(buf, BUFSIZE);
   if(buf[0]) {
     /* we got a file name to try */
-    nread += RAND_load_file(buf, -1);
+    nread += RAND_load_file(buf, 16384);
     if(seed_enough(nread))
       return nread;
   }