On 07.06.19 10:45, Tomas Mraz wrote:
From the point of view of distribution maintainer of OpenSSL I would
say what we had in 1.1.1 before the introduction of DEVRANDOM_WAIT
had
no real problems for us.
And to clarify myself - we have no problem with the DEVRANDOM_WAIT
introduction either as the -DDEVRANDOM=/dev/urandom works nicely for
us.
Thomas' solution works, but it is not more than a workaround,
a hack which is exploiting the fact that the DEVRANDOM_WAIT
code is placed inside an `# ifndef DEVRANDOM`.
See the discussion on openssl-users:
https://mta.openssl.org/pipermail/openssl-users/2019-May/010585.html
https://mta.openssl.org/pipermail/openssl-users/2019-May/010593.html
https://mta.openssl.org/pipermail/openssl-users/2019-May/010595.html
If desired, I can provide an alternative (competing) pull request which
makes the DEVRANDOM_WAIT feature configurable in a proper and
reasonable way. The default will be whatever the OMC decides.
Matthias
