Changeset 59e66ff


Ignore:
Timestamp:
2014-07-24T03:51:07Z (10 years ago)
Author:
dequis <dx@…>
Branches:
master
Children:
632627e
Parents:
269580c
Message:

Fix the NSS init after fork bug, and clean up lies in unix.c

This might look like a simple diff, but those 'lies' made this not very
straightforward.

The NSS bug itself is simple: NSS detects a fork happened after the
initialization, and refuses to work because shared CSPRNG state is bad.
The bug has been around for long time. I've been aware of it for 5
months, which says something about this mess. Trac link:

http://bugs.bitlbee.org/bitlbee/ticket/785

This wasn't a big deal because the main users of NSS (redhat) already
applied a different patch in their packages that workarounded the issue
somewhat accidentally. And this is the ticket for the 'lies' in unix.c:

http://bugs.bitlbee.org/bitlbee/ticket/1159

Basically a conflict with libotr that doesn't happen anymore. Read that
ticket for details on why ignoring those comments is acceptable.

Anyway: yay!

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • irc.c

    r269580c r59e66ff  
    2727#include "ipc.h"
    2828#include "dcc.h"
     29#include "lib/ssl_client.h"
    2930
    3031GSList *irc_connection_list;
     
    171172        nogaim_init();
    172173#endif
     174
     175        /* SSL library initialization also should be done after the fork, to
     176           avoid shared CSPRNG state. This is required by NSS, which refuses to
     177           work if a fork is detected */
     178        ssl_init();
    173179       
    174180        for( l = irc_plugins; l; l = l->next )
  • unix.c

    r269580c r59e66ff  
    3232#include "help.h"
    3333#include "ipc.h"
    34 #include "lib/ssl_client.h"
    3534#include "md5.h"
    3635#include "misc.h"
     
    8281#endif
    8382       
    84         /* Ugly Note: libotr and gnutls both use libgcrypt. libgcrypt
    85            has a process-global config state whose initialization happpens
    86            twice if libotr and gnutls are used together. libotr installs custom
    87            memory management functions for libgcrypt while our gnutls module
    88            uses the defaults. Therefore we initialize OTR after SSL. *sigh* */
    89         ssl_init();
    9083#ifdef OTR_BI
    9184        otr_init();
    9285#endif
    93         /* And in case OTR is loaded as a plugin, it'll also get loaded after
    94            this point. */
    9586       
    9687        srand( time( NULL ) ^ getpid() );
Note: See TracChangeset for help on using the changeset viewer.