httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <>
Subject Re: Enabling RAND redirection on crypto accelerator using OpenSSL ENGINE
Date Fri, 25 Oct 2002 00:15:54 GMT
"Frederic DONNAT" <> writes:

> A few month ago i submit a patch for redirecting RAND on crypto accelerator for mod-ssl
and apache-1.3.x.
> A few weeks ago, i see a cvs commit about this on mod-ssl mailing list.
> But i see that apache-2.0.x have not been updated.

maintainers of mod_ssl for Apache 1.3 apparently have to time for
Apache 2.0 mod_ssl

> I post a message for this in mod-ssl dev mailing list, but maybe should i post it somewhere

yes, if you have a concern about Apache 2.0 mod_ssl please post here,
but note that more skills are on mod-ssl dev mailing list

> So, in fact the patch is for ssl_engine_init.c file in directory ./modules/ssl.
> Just modify functions calls:
> 	- ssl_engine_init () 
> 	- ssl_init_SSLlibrary ()
> "ssl_engine_init()" (line 300) should be call earlier, before than "ssl_init_SSLlibrary()"
(line 270).
> In fact you have to initialyze OpenSSL ENGINE before initialzing the library, due to
fact that OpenSSL default function pointer must be set to ENGINE function pointer before library
initialisation otherwise you can not modify default settings.
> Geoff Thorpe comment:
>   "ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use
pointer in openssl to a default RAND_METHOD."
> Cliff Woolley comment:
> Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
>   for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.

apparently nobody verified for Cliff that it fixed the problem with
Apache 2.0

can you verify it?

can you post a patch with the change?


Jeff Trawick |
Born in Roswell... married an alien...

View raw message