Hi,
I've tested it with Apache-2.0.39 using openssl-0.9.7-beta2, on linux Mdk-8.0. kernel 2.4.3-20mdk gcc version 2.96 And initializing engine before library enable rand redirection. That works fine for me. file: modules/ssl/ssl_engine_init.c Regards, Fred -----Original Message----- From: Cliff Woolley [mailto:[EMAIL PROTECTED]] Sent: Mon 07/15/2002 10:22 PM To: [EMAIL PROTECTED] Cc: Subject: Re: RAND function using OpenSSL 0.9.7 (A Solution) On Mon, 15 Jul 2002, Geoff Thorpe wrote: > > I change a function call and it works fine now. I do not know if this is > > the real way to solve my problem but this provide a solution. > > > > In file pkg.modssl/ssl_engine_int.c: > > move "ssl_init_Engine(s, p);" function call before > > "ssl_init_SSLLibrary();" function call instead of after. > > > > In fact if you want to use ENGINE default functionnalities you muste set > > ENGINE before everything. > > That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must > be seeding the PRNG, and thus initialising the set-on-first-use pointer in > openssl to a default RAND_METHOD. Do you want to post a patch to the list? Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify for me that the following fixes Apache 2.0's mod_ssl, I'll commit it. --Cliff Index: ssl_engine_init.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v retrieving revision 1.102 diff -u -d -r1.102 ssl_engine_init.c --- ssl_engine_init.c 8 Jul 2002 17:43:33 -0000 1.102 +++ ssl_engine_init.c 15 Jul 2002 20:22:13 -0000 @@ -266,6 +266,11 @@ } +#ifdef SSL_EXPERIMENTAL_ENGINE + /* SSL external crypto device ("engine") support */ + ssl_init_Engine(base_server, p); +#endif + ssl_init_SSLLibrary(base_server); #if APR_HAS_THREADS @@ -290,13 +295,6 @@ if (ssl_tmp_keys_init(base_server)) { return !OK; } - - /* - * SSL external crypto device ("engine") support - */ -#ifdef SSL_EXPERIMENTAL_ENGINE - ssl_init_Engine(base_server, p); -#endif /* * initialize the mutex handling ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
<<winmail.dat>>
