Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 3046fe4

Browse files
committed
Issue #18747: document issue with OpenSSL's CPRNG state and fork
1 parent fb6b44e commit 3046fe4

2 files changed

Lines changed: 12 additions & 0 deletions

File tree

Doc/library/os.rst

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2582,6 +2582,10 @@ written in Python, such as a mail server's external command delivery program.
25822582
Note that some platforms including FreeBSD <= 6.3, Cygwin and OS/2 EMX have
25832583
known issues when using fork() from a thread.
25842584

2585+
.. warning::
2586+
2587+
See :mod:`ssl` for applications that use the SSL module with fork().
2588+
25852589
Availability: Unix.
25862590

25872591

Doc/library/ssl.rst

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,14 @@ probably additional platforms, as long as OpenSSL is installed on that platform.
2828
operating system socket APIs. The installed version of OpenSSL may also
2929
cause variations in behavior.
3030

31+
.. warning::
32+
33+
OpenSSL's internal random number generator does not properly handle fork.
34+
Applications must change the PRNG state of the parent process if they use
35+
any SSL feature with with :func:`os.fork`. Any successful call of
36+
:func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or
37+
:func:`~ssl.RAND_pseudo_bytes` is sufficient.
38+
3139
This section documents the objects and functions in the ``ssl`` module; for more
3240
general information about TLS, SSL, and certificates, the reader is referred to
3341
the documents in the "See Also" section at the bottom.

0 commit comments

Comments
 (0)