httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frederic DONNAT" <frederic.don...@zencod.com>
Subject Enabling RAND redirection on crypto accelerator using OpenSSL ENGINE
Date Wed, 23 Oct 2002 18:50:50 GMT
Hi all,


A few month ago i submit a patch for redirecting RAND on crypto accelerator for mod-ssl and
apache-1.3.x.

A few weeks ago, i see a cvs commit about this on mod-ssl mailing list.
But i see that apache-2.0.x have not been updated.
I post a message for this in mod-ssl dev mailing list, but maybe should i post it somewhere
else!

So, in fact the patch is for ssl_engine_init.c file in directory ./modules/ssl.
Just modify functions calls:
	- ssl_engine_init () 
	- ssl_init_SSLlibrary ()

"ssl_engine_init()" (line 300) should be call earlier, before than "ssl_init_SSLlibrary()"
(line 270).

In fact you have to initialyze OpenSSL ENGINE before initialzing the library, due to fact
that OpenSSL default function pointer must be set to ENGINE function pointer before library
initialisation otherwise you can not modify default settings.

Geoff Thorpe comment:
  "ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use
pointer in openssl to a default RAND_METHOD."

Cliff Woolley comment:
Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
  for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.


I recently download apache-2.0.x and no change about this ?
So, can anyone tell me more about?
Is this duie to OpenSSL ENGINE change for future release, or anything else?


Regards

Fred

Mime
View raw message