TLS random file (ITS#1052)
Full_Name: Jim Campbell
Version: 2.0.7
OS: Solaris 2.8/2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (147.188.40.2)
Hi,
As Solaris 2.6 has no /dev/urandom, in order to set a suitable PRNG
for OpenSSL we really need an extra config option, e.g.:
TLSRandomFile = /some/file
The code is set up to do this through:
include/ldap.h:#define LDAP_OPT_X_TLS_RANDOM_FILE 0x600a
and libldap/tls.c:
tls_seed_PRNG( const char *randfile )
{
#ifndef URANDOM_DEVICE
	/* no /dev/urandom (or equiv) */
	char buffer[MAXPATHLEN];
	if (randfile == NULL) {
		/* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
		 * If $HOME is not set or buffer too small to hold the pathname,
		 * an error occurs. - From RAND_file_name() man page.
		 * The fact is that when $HOME is NULL, .rnd is used.
		 */
		randfile = RAND_file_name( buffer, sizeof( buffer ) );
	} else if (RAND_egd(randfile) > 0) {
		/* EGD socket */
		return 0;
	}
and various other locations; otherwise we have to rely on $HOME/.rnd or the
env variable $RANDFILE.
cheers
Jim
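
The following is an added example, not part of the original report and not OpenLDAP code: it resolves a seed file in the order the quoted comment describes (explicit setting, then $RANDFILE, then $HOME/.rnd, then .rnd) and refuses a file that another user could read or replace. The names seed_path and seed_file_check, the ownership and permission rules, and the 1024-byte minimum are assumptions; an EGD socket path is deliberately rejected here because only regular files are accepted.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: pick the seed file path.
 * Order: configured value, $RANDFILE, $HOME/.rnd, ".rnd" when $HOME is unset.
 * Returns NULL if the fallback path does not fit in buf. */
static const char *seed_path(const char *configured, char *buf, size_t len)
{
    const char *env, *home;
    int n;
    if (configured != NULL && strlen(configured) > 0)
        return configured;
    env = getenv("RANDFILE");
    if (env != NULL && strlen(env) > 0)
        return env;
    home = getenv("HOME");
    if (home != NULL && strlen(home) > 0)
        n = snprintf(buf, len, "%s/.rnd", home);
    else
        n = snprintf(buf, len, ".rnd");
    return (n < 0 || (size_t)n >= len) ? NULL : buf;
}

/* Hypothetical helper: 0 if the file is acceptable as PRNG seed material,
 * otherwise a negative code naming the first failed check. */
static int seed_file_check(const char *path, off_t min_bytes)
{
    struct stat st;
    if (path == NULL || lstat(path, &st) != 0) return -1; /* missing */
    if (!S_ISREG(st.st_mode)) return -2;      /* symlink, device, socket */
    if (st.st_uid != geteuid()) return -3;    /* owned by someone else */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return -4; /* group/other access */
    if (st.st_size < min_bytes) return -5;    /* too little seed material */
    return 0;
}

int main(void)
{
    char buf[1024];
    const char *p = seed_path(NULL, buf, sizeof buf);
    printf("%s -> %d\n", p ? p : "(none)", seed_file_check(p, 1024));
    return 0;
}
```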