moves openssl init and prng seeding to main.c
parent
27da6091ea
commit
01bedc86f5
17
vere/cttp.c
17
vere/cttp.c
@ -20,7 +20,6 @@
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#include "../outside/jhttp/http_parser.h" // Joyent HTTP
|
||||
#include "all.h"
|
||||
@ -1612,14 +1611,8 @@ u3_cttp_ef_thus(c3_l num_l,
|
||||
void
|
||||
u3_cttp_io_init()
|
||||
{
|
||||
c3_i rad;
|
||||
c3_y buf[4096];
|
||||
|
||||
u3_Host.ctp_u.coc_u = 0;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
u3_Host.ssl_u = SSL_CTX_new(TLSv1_client_method());
|
||||
SSL_CTX_set_options(u3S, SSL_OP_NO_SSLv2);
|
||||
SSL_CTX_set_verify(u3S, SSL_VERIFY_PEER, NULL);
|
||||
@ -1635,16 +1628,6 @@ u3_cttp_io_init()
|
||||
SSL_CTX_set_cipher_list(u3S, "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:"
|
||||
"ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:"
|
||||
"RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS");
|
||||
|
||||
// RAND_status, at least on OS X, never returns true.
|
||||
// 4096 bytes should be enough entropy for anyone, right?
|
||||
rad = open("/dev/urandom", O_RDONLY);
|
||||
if ( 4096 != read(rad, &buf, 4096) ) {
|
||||
perror("rand-seed");
|
||||
exit(1);
|
||||
}
|
||||
RAND_seed(buf, 4096);
|
||||
close(rad);
|
||||
}
|
||||
|
||||
/* u3_cttp_io_poll(): poll kernel for cttp I/O.
|
||||
|
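Review bot: The result of `SSL_CTX_new(TLSv1_client_method())` in u3_cttp_io_init is passed unchecked to the `SSL_CTX_set_options(u3S, ...)` call that follows, and with `SSL_library_init()` removed from this function the call now depends on main() having initialised OpenSSL first. A guard such as `if ( 0 == u3_Host.ssl_u ) { ERR_print_errors_fp(stderr); exit(1); }` right after the assignment would turn a missed or reordered init into a clear startup error rather than a NULL context being configured; this assumes u3S aliases u3_Host.ssl_u, which is not visible here. The same applies to `tls_u` in `_http_init_tls()` in the hunks that follow. Separately, `TLSv1_client_method()` restricts the client to TLS 1.0 only, so `SSL_OP_NO_SSLv2` has no effect and newer protocol versions are never negotiated, which is worth a follow-up. The function body continues between and beyond the two hunks shown.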
@ -20,7 +20,6 @@
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
// XX rename
|
||||
typedef struct _h2hed {
|
||||
@ -637,13 +636,7 @@ _http_serv_start(u3_http* htp_u)
|
||||
static SSL_CTX*
|
||||
_http_init_tls()
|
||||
{
|
||||
SSL_CTX* tls_u;
|
||||
|
||||
// XX only call these once between here and cttp (maybe in loop.c or main.c?)
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
tls_u = SSL_CTX_new(TLSv1_2_server_method());
|
||||
SSL_CTX* tls_u = SSL_CTX_new(TLSv1_2_server_method());
|
||||
|
||||
SSL_CTX_set_options(tls_u, SSL_OP_NO_SSLv2);
|
||||
// SSL_CTX_set_verify(tls_u, SSL_VERIFY_NONE, NULL);
|
||||
|
19
vere/main.c
19
vere/main.c
@ -18,6 +18,7 @@
|
||||
#include <term.h>
|
||||
#include <dirent.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#include "h2o.h"
|
||||
|
||||
@ -613,6 +614,24 @@ main(c3_i argc,
|
||||
#endif
|
||||
}
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
{
|
||||
c3_i rad;
|
||||
c3_y buf[4096];
|
||||
|
||||
// RAND_status, at least on OS X, never returns true.
|
||||
// 4096 bytes should be enough entropy for anyone, right?
|
||||
rad = open("/dev/urandom", O_RDONLY);
|
||||
if ( 4096 != read(rad, &buf, 4096) ) {
|
||||
perror("rand-seed");
|
||||
exit(1);
|
||||
}
|
||||
RAND_seed(buf, 4096);
|
||||
close(rad);
|
||||
}
|
||||
|
||||
// u3e_grab("main", u3_none);
|
||||
//
|
||||
u3_lo_loop();
|
||||
|
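Review bot: The seeding block moved into main() treats any `read()` result other than 4096 as fatal and never checks the descriptor returned by `open()`, so a failed open is reported as a read error and a read cut short by a signal can abort startup even though /dev/urandom is healthy. Check `rad < 0` on its own and loop until the buffer is full, retrying on `EINTR`; passing `buf` rather than `&buf` and using `sizeof(buf)` instead of the repeated 4096 keeps the sizes in one place. The existing comment says `RAND_status` is not usable as a check, so these explicit error paths are presumably the only signal that seeding happened. main() starts before this hunk and continues after it.

```c
  // … unchanged: SSL_library_init(), SSL_load_error_strings() …
  {
    c3_i rad;
    c3_y buf[4096];
    size_t got = 0;

    rad = open("/dev/urandom", O_RDONLY);
    if ( rad < 0 ) {
      perror("rand-seed: open");
      exit(1);
    }
    while ( got < sizeof(buf) ) {
      ssize_t ret = read(rad, buf + got, sizeof(buf) - got);

      if ( ret < 0 && EINTR == errno ) {
        continue;
      }
      if ( ret <= 0 ) {
        perror("rand-seed: read");
        exit(1);
      }
      got += (size_t)ret;
    }
    close(rad);
    RAND_seed(buf, sizeof(buf));
  }
```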