httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jerenkra...@ebuilt.com>
Subject Re: [PATCH] get mod_ssl to work again
Date Thu, 20 Dec 2001 18:55:02 GMT
On Thu, Dec 20, 2001 at 10:17:13AM -0800, Doug MacEachern wrote:
> since flood only seeds at startup time, might be better for you just to
> use apr_generate_random_bytes().  don't want to use that in modssl for
> 'SSLRandomSeed builtin connect', since /dev/random blocking will be too
> slow for every connect.  but will probably change it to use that for
> 'SSLRandomSeed builtin startup'.

As Daniel pointed out, /dev/{u}random isn't available on certain
platforms (Solaris).  And, in flood, this seeding is only used
when /dev/{u}random are not available.  APR does not support an
internal PRNG.  I've suggested it before and perhaps it is time
that we integrate truerand.c (anyone have a better version than
what is in mod_ssl?) so that we can always call
apr_generate_random_bytes()?  

I think that truerand isn't installed in enough places that it 
merits our redistribution in APR.  -- justin


Mime
View raw message