Personally, I think the fix belongs in context.
Yes, we agree on that.
/.../ I didn't do that because other code (non-sslfile) seemed to work just fine, so in the spirit of not messing with common code I didn't totally understand, it went in sslfile.
Aha, so you're implying you totally understand sslfile. Congrats, that's impressive! ;) Even though I wrote essentially all of it I still can't say I understand it all the time.
/.../ The reason I believe it to be intentional is that it's not just defined, it's also set to zero. This tells me that there's a particular reason for not setting it to a function that works.
If the declaration was "function(int:string) random = 0;" I'd agree with you. But now I can't find any place where it's explicitly set to zero. Where do you look?
Besides your kludge, I can't even find a place where any code tests its value. (Granted, I haven't looked very closely in Roxen or ChiliMoon or any of the other big TLS apps - searching for "random" in them trigs a bit too many false hits.)