httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@ebuilt.com>
Subject Re: cvs commit: httpd-test/flood config.h.in configure.in flood_net_ssl.c
Date Tue, 07 Aug 2001 01:02:10 GMT
> Go blame OpenSSL.  They require these two files.  
> 
> /tmp/.rnd must be ~1024 bits of random data (some platforms don't need
> it, but Solaris does).
> /tmp/certs.pem must be all valid CAs that you are willing to accept.
> 
> This is slightly better than having it rely on either:
> 1) Constants in the flood_net_ssl.c file (RANDFILE was before)
> 2) Constants in the OpenSSL code (CAFILE was before)
> 
> If you don't like the paths I specified, go change it at configure 
> time.  =-)  -- justin

That's fine, make sure to document this requirement somewhere, both
so new users know what to do and so that users of systems that don't
have /tmp know what's going on. Also, I should mention that it is probably
a bad thing in terms of security to be using /tmp for the location
of a random file. For now it's NBD, document it so we don't forget about it.

-aaron


Mime
View raw message