From 59e66ff766cbef04883c1d7477d66c7e9b515833 Mon Sep 17 00:00:00 2001 From: dequis Date: Thu, 24 Jul 2014 00:51:07 -0300 Subject: Fix the NSS init after fork bug, and clean up lies in unix.c This might look like a simple diff, but those 'lies' made this not very straightforward. The NSS bug itself is simple: NSS detects a fork happened after the initialization, and refuses to work because shared CSPRNG state is bad. The bug has been around for long time. I've been aware of it for 5 months, which says something about this mess. Trac link: http://bugs.bitlbee.org/bitlbee/ticket/785 This wasn't a big deal because the main users of NSS (redhat) already applied a different patch in their packages that workarounded the issue somewhat accidentally. And this is the ticket for the 'lies' in unix.c: http://bugs.bitlbee.org/bitlbee/ticket/1159 Basically a conflict with libotr that doesn't happen anymore. Read that ticket for details on why ignoring those comments is acceptable. Anyway: yay! --- irc.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'irc.c') diff --git a/irc.c b/irc.c index 187004c7..f864e31b 100644 --- a/irc.c +++ b/irc.c @@ -26,6 +26,7 @@ #include "bitlbee.h" #include "ipc.h" #include "dcc.h" +#include "lib/ssl_client.h" GSList *irc_connection_list; GSList *irc_plugins; @@ -170,6 +171,11 @@ irc_t *irc_new( int fd ) #ifdef WITH_PURPLE nogaim_init(); #endif + + /* SSL library initialization also should be done after the fork, to + avoid shared CSPRNG state. This is required by NSS, which refuses to + work if a fork is detected */ + ssl_init(); for( l = irc_plugins; l; l = l->next ) { -- cgit v1.2.3