https://bz.apache.org/bugzilla/show_bug.cgi?id=65159
--- Comment #31 from Ruediger Pluem <[email protected]> --- (In reply to Joe Orton from comment #28) > (In reply to Michael Kaufmann from comment #27) > > If you want to replace the implementation of mod_unique_id, a simple > > approach would be to generate the whole ID with pseudo-random bytes, like > > other web servers do. Unfortunately there is no fast APR function available > > to generate pseudo-random bytes (e.g. reading from /dev/urandom on Linux), > > just like there is no APR function available for real thread local storage. > > Yes, I wondered about this too. But there is apr_generate_random_bytes(), > also httpd has an RNG exposed via ap_random_*, plus we even have access to a > UUID generator via apr_uuid_ which (should) be plugged through to > getrandom() etc. Having mod_ssl generate UNIQUE_ID via RAND_bytes() would > also be a simpler alternative. Is it a wise idea to make this id generation dependent on mod_ssl? apr_generate_random_bytes / apr_uuid_ seem to offer a more independent approach. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
