i thought it might be useful for mod_ssl to log (at debug level) the
entropy source from which the PRNG will be seeded, so that proper
entropy source configuration can be verified. i've attached a small patch
(mod_ssl-2.8.12-1.3.27) which does this.
best regards,
--
aspa http://www.kronodoc.fi/
*** pkg.sslmod/ssl_engine_rand.c.orig Mon Jan 27 10:07:26 2003
--- pkg.sslmod/ssl_engine_rand.c Mon Jan 27 10:40:46 2003
***************
*** 87,92 ****
--- 87,98 ----
time_t t;
pid_t pid;
int m;
+ char *ctxNames[] = { "", "startup", "connect" };
+ char *rssrcNames[] = { "", "builtin", "file", "exec"
+ #if SSL_LIBRARY_VERSION >= 0x00905100
+ , "EGD"
+ #endif
+ };
mc = myModConfig();
nReq = 0;
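Review bot: The new `ctxNames` and `rssrcNames` tables are purely positional, so the logged names are only correct while the `nCtx` and `nSrc` values are exactly 1..n in this order, and nothing in the hunk ties the tables to those enums (their definitions are not visible here). They are also automatic arrays of writable `char *`, rebuilt on every call. I would declare them `static const char * const ctxNames[] = { "", "startup", "connect" };` (and likewise `rssrcNames`) and add a comment such as `/* index = nCtx / nSrc enum value; keep in sync with the enum definitions */`. The enclosing function starts before this hunk and continues after it.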
***************
*** 97,102 ****
--- 103,111 ----
pRandSeed = &pRandSeeds[i];
if (pRandSeed->nCtx == nCtx) {
nReq += pRandSeed->nBytes;
+
+ ssl_log(s, SSL_LOG_DEBUG, "%sRequesting %d bytes of entropy from %s:%s in
+'%s' context", prefix, pRandSeed->nBytes, rssrcNames[pRandSeed->nSrc],
+pRandSeed->cpPath, ctxNames[pRandSeed->nCtx]);
+
if (pRandSeed->nSrc == SSL_RSSRC_FILE) {
/*
* seed in contents of an external file
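Review bot: The added `ssl_log` call passes `pRandSeed->cpPath` to `%s` and indexes `rssrcNames[pRandSeed->nSrc]` and `ctxNames[pRandSeed->nCtx]` with no guard. If a seed entry can have no path (presumably the builtin source, which is not shown here), a NULL pointer reaches the formatter, which is undefined for a standard printf-style `%s`; passing `pRandSeed->cpPath != NULL ? pRandSeed->cpPath : "-"` avoids relying on the formatter. An `nSrc` value outside the table, for example if the `#if` around `"EGD"` ever disagrees with the configuration parser, would read past the array, so a bounds check before indexing is worth adding. The format string is split across lines as shown, most likely by mail wrapping, and needs to be rejoined before the patch will apply and compile. The surrounding loop and function extend beyond this hunk.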