httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erikab...@apache.org
Subject cvs commit: httpd-2.0/docs/conf ssl-std.conf.in
Date Mon, 19 Jan 2004 18:07:40 GMT
erikabele    2004/01/19 10:07:40

  Modified:    .        Tag: APACHE_2_0_BRANCH STATUS
               docs/conf Tag: APACHE_2_0_BRANCH ssl-std.conf.in
  Log:
  Backport:
  
  Move SSLRandomSeed out of the <IfDefine SSL> container to support
  starting without SSL on platforms with no /dev/random equivalent
  but a statically compiled-in mod_ssl.
  
  PR: 25867
  Submitted by: Rob Meyer <rob bigdis.com>
  Reviewed by: erikabele, nd, trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.751.2.638 +1 -7      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.637
  retrieving revision 1.751.2.638
  diff -u -r1.751.2.637 -r1.751.2.638
  --- STATUS	14 Jan 2004 21:55:37 -0000	1.751.2.637
  +++ STATUS	19 Jan 2004 18:07:39 -0000	1.751.2.638
  @@ -112,12 +112,6 @@
           nd asks: Should we make it runtime configurable either to 400, drop the
                    fragment or just treat it as part of the filename?
   
  -    * Move SSLRandomSeed out of the <IfDefine SSL> container to support
  -      starting without SSL on platforms with no /dev/random equivalent
  -      but a statically compiled-in mod_ssl.  PR: 25867
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/docs/conf/ssl-std.conf.in?r1=1.4&r2=1.5
  -      +1: erikabele, nd, trawick
  -
       * Fix segfault in mod_mem_cache cache_insert() due to cache size
         becoming negative.  PR: 21285, 21287
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/experimental/mod_mem_cache.c?r1=1.99&r2=1.100
  
  
  
  No                   revision
  No                   revision
  1.3.2.3   +24 -17    httpd-2.0/docs/conf/ssl-std.conf.in
  
  Index: ssl-std.conf.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/conf/ssl-std.conf.in,v
  retrieving revision 1.3.2.2
  retrieving revision 1.3.2.3
  diff -u -r1.3.2.2 -r1.3.2.3
  --- ssl-std.conf.in	4 Jan 2004 14:53:47 -0000	1.3.2.2
  +++ ssl-std.conf.in	19 Jan 2004 18:07:40 -0000	1.3.2.3
  @@ -8,6 +8,30 @@
   # what they do.  They're here only as hints or reminders.  If you are unsure
   # consult the online docs. You have been warned.  
   #
  +
  +#
  +# Pseudo Random Number Generator (PRNG):
  +# Configure one or more sources to seed the PRNG of the SSL library.
  +# The seed data should be of good random quality.
  +# WARNING! On some platforms /dev/random blocks if not enough entropy
  +# is available. This means you then cannot use the /dev/random device
  +# because it would lead to very long connection times (as long as
  +# it requires to make more entropy available). But usually those
  +# platforms additionally provide a /dev/urandom device which doesn't
  +# block. So, if available, use this one instead. Read the mod_ssl User
  +# Manual for more details.
  +#
  +# Note: This must come before the <IfDefine SSL> container to support
  +#       starting without SSL on platforms with no /dev/random equivalent
  +#       but a statically compiled-in mod_ssl.
  +#
  +SSLRandomSeed startup builtin
  +SSLRandomSeed connect builtin
  +#SSLRandomSeed startup file:/dev/random  512
  +#SSLRandomSeed startup file:/dev/urandom 512
  +#SSLRandomSeed connect file:/dev/random  512
  +#SSLRandomSeed connect file:/dev/urandom 512
  +
   <IfDefine SSL>
   
   #
  @@ -51,23 +75,6 @@
   #   Configure the path to the mutual exclusion semaphore the
   #   SSL engine uses internally for inter-process synchronization. 
   SSLMutex  file:@exp_runtimedir@/ssl_mutex
  -
  -#   Pseudo Random Number Generator (PRNG):
  -#   Configure one or more sources to seed the PRNG of the 
  -#   SSL library. The seed data should be of good random quality.
  -#   WARNING! On some platforms /dev/random blocks if not enough entropy
  -#   is available. This means you then cannot use the /dev/random device
  -#   because it would lead to very long connection times (as long as
  -#   it requires to make more entropy available). But usually those
  -#   platforms additionally provide a /dev/urandom device which doesn't
  -#   block. So, if available, use this one instead. Read the mod_ssl User
  -#   Manual for more details.
  -SSLRandomSeed startup builtin
  -SSLRandomSeed connect builtin
  -#SSLRandomSeed startup file:/dev/random  512
  -#SSLRandomSeed startup file:/dev/urandom 512
  -#SSLRandomSeed connect file:/dev/random  512
  -#SSLRandomSeed connect file:/dev/urandom 512
   
   ##
   ## SSL Virtual Host Context
  
  
  

Mime
View raw message