From: "Daniel Lopez" <[EMAIL PROTECTED]>
Sent: Thursday, December 20, 2001 1:26 PM
> On Thu, Dec 20, 2001 at 11:07:13AM -0800, Doug MacEachern wrote:
> > On Thu, 20 Dec 2001, Daniel Lopez wrote:
> >
> > >
> > > /dev/urandom is not available in all platforms
> >
> > right, which is why it is
Justin Erenkrantz <[EMAIL PROTECTED]> writes:
> I think that truerand isn't installed in enough places that it
> merits our redistribution in APR. -- justin
+1 in general... AIX, OS/390, Tru64, HP-UX, older Solaris are
platforms I play on that don't have /dev/*random (leaving
mod_auth_digest
On Thu, Dec 20, 2001 at 11:07:13AM -0800, Doug MacEachern wrote:
> On Thu, 20 Dec 2001, Daniel Lopez wrote:
>
> >
> > /dev/urandom is not available in all platforms
>
> right, which is why it is not portable to use directly.
I was not arguing, I was just reinstating your point :)
On NT openss
On Thu, 20 Dec 2001, Justin Erenkrantz wrote:
> so that we can always call apr_generate_random_bytes()?
oh, i assumed we already could. +1 on whatever it takes to make that
function usable on all platforms.
On Thu, Dec 20, 2001 at 11:00:13AM -0800, Aaron Bannert wrote:
> What is truerand.c? Can you provide a URL or perhaps a Message-ID in
> case it came up before and I missed it?
The only place I can find it is within mod_ssl's sources:
pkg.contrib/truerand.c
I can't find any online sources. I've
On Thu, 20 Dec 2001, Daniel Lopez wrote:
>
> /dev/urandom is not available in all platforms
right, which is why it is not portable to use directly. /dev/random is
also not available on all platforms, so apr uses whats available to
provide the same functionality for the given platform in
apr_g
On Thu, Dec 20, 2001 at 10:55:02AM -0800, Justin Erenkrantz wrote:
> As Daniel pointed out, /dev/{u}random isn't available on certain
> platforms (Solaris). And, in flood, this seeding is only used
> when /dev/{u}random are not available. APR does not support an
> internal PRNG. I've suggested
On Thu, Dec 20, 2001 at 10:17:13AM -0800, Doug MacEachern wrote:
> since flood only seeds at startup time, might be better for you just to
> use apr_generate_random_bytes(). don't want to use that in modssl for
> 'SSLRandomSeed builtin connect', since /dev/random blocking will be too
> slow for e
/dev/urandom is not available in all platforms
On Thu, Dec 20, 2001 at 10:40:09AM -0800, Doug MacEachern wrote:
> On Thu, 20 Dec 2001, Aaron Bannert wrote:
>
> > /dev/urandom won't block, so maybe we could live with that once per
> > request and use the /dev/random for startup.
>
> right, on
On Thu, 20 Dec 2001, Aaron Bannert wrote:
> /dev/urandom won't block, so maybe we could live with that once per
> request and use the /dev/random for startup.
right, only problem is apr doesn't support /dev/urandom. maybe we need an
apr_generate_urandom_bytes() function or a non-blocking flag
On Thu, Dec 20, 2001 at 10:17:13AM -0800, Doug MacEachern wrote:
> that function was derived from mod_ssl-1.xx and have learned some
> things since. i recently noticed OpenSSL internally calls
> RAND_seed(time()) during negotiation. so i was planning to remove that
> same call from modssl or at
On Thu, 20 Dec 2001, Justin Erenkrantz wrote:
> FWIW, DougM submitted this function to flood to generate OpenSSL
> entropy. I'd almost suggest somehow factoring this into apr-util
> since flood needs this too (and doesn't have a scoreboard).
that function was derived from mod_ssl-1.xx and ha
On Thu, Dec 20, 2001 at 11:29:43AM -0600, William A. Rowe, Jr. wrote:
> I'll see your +1 and double :)
>
> Yes - perhaps the MPM itself should generate ap_server_entropy.
FWIW, DougM submitted this function to flood to generate OpenSSL
entropy. I'd almost suggest somehow factoring this into apr
From: "Doug MacEachern" <[EMAIL PROTECTED]>
Sent: Thursday, December 20, 2001 11:07 AM
> On 18 Dec 2001, Jeff Trawick wrote:
>
> > or just an entropy function? why should any module care that it is
> > from the scoreboard?
>
> +1 on that or anything to get mod_ssl working again.
I'll see yo
On 18 Dec 2001, Jeff Trawick wrote:
> or just an entropy function? why should any module care that it is
> from the scoreboard?
+1 on that or anything to get mod_ssl working again.
"William A. Rowe, Jr." <[EMAIL PROTECTED]> writes:
> From: "Jeff Trawick" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 18, 2001 7:55 AM
>
>
> > mod_ssl has some questionable access to the scoreboard which doesn't
> > work correctly starting a few minutes ago because SCOREBOARD_SIZE is
> > much
From: "Jeff Trawick" <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 7:55 AM
> mod_ssl has some questionable access to the scoreboard which doesn't
> work correctly starting a few minutes ago because SCOREBOARD_SIZE is
> much smaller than it expects (< 1024, not indicative of the real size
mod_ssl has some questionable access to the scoreboard which doesn't
work correctly starting a few minutes ago because SCOREBOARD_SIZE is
much smaller than it expects (< 1024, not indicative of the real size
of the scoreboard).
This patch should get things going again, but I wonder if anybody has
18 matches
Mail list logo