On Mon, 15 Jul 2002, Geoff Thorpe wrote:
> > I changed a function call and it works fine now. I do not know if this is
> > the real way to solve my problem but this provides a solution.
> >
> > In file pkg.modssl/ssl_engine_int.c:
> > move "ssl_init_Engine(s, p);" function call before
> > "ssl_init_SSLLibrary();" function call instead of after.
> >
> > In fact if you want to use ENGINE default functionalities you must set
> > ENGINE before everything.
>
> That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must
> be seeding the PRNG, and thus initialising the set-on-first-use pointer in
> openssl to a default RAND_METHOD. Do you want to post a patch to the list?

Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.

--Cliff

Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.102
diff -u -d -r1.102 ssl_engine_init.c
--- ssl_engine_init.c 8 Jul 2002 17:43:33 -0000 1.102
+++ ssl_engine_init.c 15 Jul 2002 20:22:13 -0000
@@ -266,6 +266,11 @@
}
+#ifdef SSL_EXPERIMENTAL_ENGINE
+ /* SSL external crypto device ("engine") support */
+ ssl_init_Engine(base_server, p);
+#endif
+
ssl_init_SSLLibrary(base_server);
#if APR_HAS_THREADS
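Review bot: the comment on the added ssl_init_Engine(base_server, p) call says what the call is but not why it now sits ahead of ssl_init_SSLLibrary(base_server). The explanation given in the thread is that the library init touches the PRNG and so fixes the default RAND_METHOD on first use; please state in the comment that the engine must be set before that call, so that a later cleanup does not move it back down.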
@@ -290,13 +295,6 @@
if (ssl_tmp_keys_init(base_server)) {
return !OK;
}
-
- /*
- * SSL external crypto device ("engine") support
- */
-#ifdef SSL_EXPERIMENTAL_ENGINE
- ssl_init_Engine(base_server, p);
-#endif
/*
* initialize the mutex handling
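Review bot: with the call removed from its place after ssl_tmp_keys_init(base_server), that function now runs with the engine already set rather than before it. That matches the "set ENGINE before everything" advice in the thread, but it is a behaviour change beyond the PRNG ordering that was discussed, so whoever verifies the patch should confirm that temporary key generation still succeeds with SSL_EXPERIMENTAL_ENGINE defined and an engine configured.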
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
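The ordering problem described in the thread, as an added example that is not part of the original messages and is not OpenSSL or mod_ssl code: a simplified C model of a set-on-first-use method pointer. All `model_*` names are hypothetical, and the assumption that library init touches the PRNG follows the explanation quoted above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not OpenSSL or mod_ssl code. */
typedef struct { const char *name; } rand_method;

static const rand_method software_rand = { "software" };
static const rand_method engine_rand   = { "engine" };

static const rand_method *engine_default = NULL; /* registered by engine init */
static const rand_method *bound_method   = NULL; /* set on first use, then cached */

static void model_reset(void) { engine_default = NULL; bound_method = NULL; }

/* Stands in for ssl_init_Engine(): offers the engine's RAND as the default. */
static void model_init_engine(void) { engine_default = &engine_rand; }

/* The first caller decides which method every later caller gets. */
static const rand_method *model_get_rand_method(void)
{
    if (bound_method == NULL)
        bound_method = engine_default ? engine_default : &software_rand;
    return bound_method;
}

/* Stands in for ssl_init_SSLLibrary(): assumed to seed, so it touches the PRNG. */
static void model_init_library(void) { (void)model_get_rand_method(); }

/* Runs both init steps in the chosen order and reports the method in effect. */
const char *model_run(int engine_first)
{
    model_reset();
    if (engine_first) { model_init_engine(); model_init_library(); }
    else              { model_init_library(); model_init_engine(); }
    return model_get_rand_method()->name;
}

int main(void)
{
    printf("library first: %s\n", model_run(0));
    printf("engine first:  %s\n", model_run(1));
    return 0;
}
```

In the library-first order the engine is registered without error yet never used for random numbers, which is why the misordering is silent.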