[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS random file (ITS#1052)

Full_Name: Jim Campbell
Version: 2.0.7
OS: Solaris 2.8/2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

As Solaris 2.6 has no /dev/urandom in order to set suitable PRNG
for OPENssl really need an extra config option eg:
TLSRandomFile = /some/file
The code is set up to do this through :
include/ldap.h:#define LDAP_OPT_X_TLS_RANDOM_FILE       0x600a
and libldap/tls.c:
tls_seed_PRNG( const char *randfile )
        /* no /dev/urandom (or equiv) */
        char buffer[MAXPATHLEN];

        if (randfile == NULL) {
                /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
                 * If $HOME is not set or buffer too small to hold the
                 * an error occurs.    - From RAND_file_name() man page.
                 * The fact is that when $HOME is NULL, .rnd is used.
                randfile = RAND_file_name( buffer, sizeof( buffer ) );

        } else if (RAND_egd(randfile) > 0) {
                /* EGD socket */
                return 0;
and various other locations otherwise have to rely on $HOME/.rnd or the
env variable $RANDFILE.