diff options
| author | Christian Heimes <christian@cheimes.de> | 2013-10-29 20:11:55 (GMT) |
|---|---|---|
| committer | Christian Heimes <christian@cheimes.de> | 2013-10-29 20:11:55 (GMT) |
| commit | ee0bac66b2f388e2d685fa5eee2f7a4ea3910186 (patch) | |
| tree | f8fa48d948d9bc5f2e47f26e318b48eee819c622 /Doc/library/ssl.rst | |
| parent | db816d65464051ffa1aa2cce59dc7df721bbe873 (diff) | |
| parent | 3046fe4c039f333c1dc8d7758990df5bcadef873 (diff) | |
| download | cpython-ee0bac66b2f388e2d685fa5eee2f7a4ea3910186.zip cpython-ee0bac66b2f388e2d685fa5eee2f7a4ea3910186.tar.gz cpython-ee0bac66b2f388e2d685fa5eee2f7a4ea3910186.tar.bz2 | |
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
Diffstat (limited to 'Doc/library/ssl.rst')
| -rw-r--r-- | Doc/library/ssl.rst | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index e86da5f..e6f164d 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -29,6 +29,14 @@ probably additional platforms, as long as OpenSSL is installed on that platform. cause variations in behavior. For example, TLSv1.1 and TLSv1.2 come with openssl version 1.0.1. +.. warning:: + + OpenSSL's internal random number generator does not properly handle fork. + Applications must change the PRNG state of the parent process if they use + any SSL feature with with :func:`os.fork`. Any successful call of + :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or + :func:`~ssl.RAND_pseudo_bytes` is sufficient. + This section documents the objects and functions in the ``ssl`` module; for more general information about TLS, SSL, and certificates, the reader is referred to the documents in the "See Also" section at the bottom. |