ipc: run Net::SSLeay::randomize

Currently we don't use OpenSSL from child processes of parents
which use OpenSSL, but we may in the future.  So ensure OpenSSL
initializes its PRNG after these forks to avoid one security
pitfall down the line.

diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm
index 3e29def87bf57de2f47b7593fa7600f1aad2275c..205b5b92cf71d4b1755a93dc7635a12767c9ab95 100644 (file)
--- a/lib/PublicInbox/IPC.pm
+++ b/lib/PublicInbox/IPC.pm
@@ -103,6 +103,7 @@ sub ipc_worker_spawn {
        my $pid = fork // die "fork: $!";
        if ($pid == 0) {
                srand($seed);
+               eval { Net::SSLeay::randomize() };
                eval { PublicInbox::DS->Reset };
                delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)};
                $w_req = $r_res = undef;
@@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) {
        my $pid = fork // die "fork: $!";
        if ($pid == 0) {
                srand($seed);
+               eval { Net::SSLeay::randomize() };
                undef $bcast1;
                eval { PublicInbox::DS->Reset };
                delete @$self{qw(-wq_s1 -wq_ppid)};