I think this falls into the feature request category.
fork_process handles forking on *nix.
OpenSSL is not fork safe on the child side. I seem to recall Nico
Williams traced it back to non-safe async signal handling and the the
in-ability to replace the locks safely. See
http://wiki.openssl.org/index.php/Libcrypto_API#Fork_Safety.
In this case, they guys are recommending posix_spawn.
**********
fork_process finishes with the following:
#ifdef USE_SSL
RAND_cleanup();
#endif
It great to see the attention to detail.
RAND_cleanup may be heavier-weight than needed because it could
discard current generator state. In this case, if the state was good
before the fork, its probably good after the fork. So all that should
be needed is to mix in additional entropy to diversify states.
To mix in additional entropy (without discarding state), all that is
needed is a call to RAND_poll. See
http://wiki.openssl.org/index.php/Random_fork-safety.
Ben Laurie pushed a patch recently that might be of interest. It mixes
in the PID and Time from a high-res timer (if available) rather than
discarding state. See
https://github.com/openssl/openssl/commit/3cd8547a2018ada88a4303067a2aa15eadc17f39.
