On Wed, Apr 22, 2015 at 09:29:49AM +0200, Kaspar Brand wrote:
> Sorry for having missed this in my previous review: we should also
> #ifdef the SSL_RSSRC_EGD case in
> ssl_engine_config.c:ssl_cmd_SSLRandomSeed(), to make sure that "egd:..."
> settings are not silently ignored when mod_ssl is compiled against
> LibreSSL. Either let the failure then be detected by the
> ssl_util_path_check, or (probably better) reject it similar to how it's
> done for SSLCompression, SSLHonorCipherOrder etc.
>
> Kaspar

Thanks, good catch. Is this fine? Index: modules/ssl/ssl_engine_config.c =================================================================== --- modules/ssl/ssl_engine_config.c (revision 1675266) +++ modules/ssl/ssl_engine_config.c (working copy) @@ -574,8 +574,15 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); } else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) { +#ifdef HAVE_RAND_EGD seed->nSrc = SSL_RSSRC_EGD; seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4); +#else + return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `", + arg2, "': This version of " MODSSL_LIBRARY_NAME + " does not support the Entropy Gathering Daemon " + "(EGD).", NULL); +#endif } else if (strcEQ(arg2, "builtin")) { seed->nSrc = SSL_RSSRC_BUILTIN;
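
Review bot: The `#ifdef HAVE_RAND_EGD` guard in the `egd:` branch of ssl_cmd_SSLRandomSeed() depends on a macro whose definition is not part of this diff. If it is not defined before ssl_engine_config.c is compiled, every build takes the `#else` path and rejects `egd:` even where the library supports EGD. Please include the definition in the same patch (or point to where it lives) and make sure it is the same condition that guards the code consuming SSL_RSSRC_EGD at seeding time, so the parser and the seeder cannot disagree. Since "egd:..." settings that were silently ignored on such builds now fail at configuration time, a sentence in the SSLRandomSeed documentation about this would also help.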