Hello,
The following patch avoids crashess. In src/ssl.c:prng_init(), the
RAND_get_rand_method() may return NULL so strict the check to skip PRNG
initialization.
Diff inline below, against 5.62
gsoares
--- ssl.c.orig Thu Mar 3 16:10:39 2022
+++ ssl.c Thu Mar 3 16:13:17 2022
@@ -354,7 +354,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
const RAND_METHOD *meth=RAND_get_rand_method();
/* skip PRNG initialization when no seeding methods are available */
- if(meth->status==NULL || meth->add==NULL) {
+ if(meth==NULL || meth->status==NULL || meth->add==NULL) {
s_log(LOG_DEBUG, "No PRNG seeding methods");
return 0; /* success */
}