
TLS random file (ITS#1052)



Full_Name: Jim Campbell
Version: 2.0.7
OS: Solaris 2.8/2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (147.188.40.2)


Hi,
As Solaris 2.6 has no /dev/urandom, in order to set up a suitable PRNG
for OpenSSL we really need an extra config option, e.g.:
TLSRandomFile = /some/file
The code is set up to do this through:
include/ldap.h:#define LDAP_OPT_X_TLS_RANDOM_FILE       0x600a
and libldap/tls.c:
tls_seed_PRNG( const char *randfile )
{
#ifndef URANDOM_DEVICE
        /* no /dev/urandom (or equiv) */
        char buffer[MAXPATHLEN];

        if (randfile == NULL) {
                /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
                 * If $HOME is not set or buffer too small to hold the pathname,
                 * an error occurs.    - From RAND_file_name() man page.
                 * The fact is that when $HOME is NULL, .rnd is used.
                 */
                randfile = RAND_file_name( buffer, sizeof( buffer ) );

        } else if (RAND_egd(randfile) > 0) {
                /* EGD socket */
                return 0;
        }
and in various other locations; otherwise it has to rely on $HOME/.rnd or the
env variable $RANDFILE.
cheers
Jim
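The seed-file lookup order quoted in the comment above ($RANDFILE first, then $HOME/.rnd, and an error when $HOME is unset or the buffer is too small) is the part that decides where the PRNG seed is read from. The following is an added example, not OpenLDAP's or OpenSSL's code: it models that documented order as a stand-alone function so the fallback and the two failure cases can be checked without linking against libcrypto. The function and constant names (seed_file_name, seed_file_from_env, SEED_NAME) are hypothetical; the one deliberate difference from the behaviour the report describes is that an unset $HOME yields an error rather than a bare ".rnd" in the current directory.

```c
/* Added example, not OpenLDAP or OpenSSL code: models the seed-file
 * lookup order that the RAND_file_name() man page comment describes
 * ($RANDFILE if set, else $HOME/.rnd), with explicit failure on an
 * unset $HOME or a too-small buffer.  Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEED_NAME ".rnd"   /* assumed: the per-user seed file name */

/* Resolve the seed path from explicit environment values.
 * Returns buf on success, NULL when no usable path fits in buflen. */
const char *seed_file_name(const char *randfile_env, const char *home_env,
                           char *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0)
        return NULL;

    /* 1. $RANDFILE wins when it is set and non-empty */
    if (randfile_env != NULL && randfile_env[0] != '\0') {
        if (strlen(randfile_env) + 1 > buflen)
            return NULL;           /* buffer too small: error, as documented */
        strcpy(buf, randfile_env);
        return buf;
    }

    /* 2. Otherwise $HOME/.rnd.  An unset $HOME is treated as an error here
     *    instead of silently using a relative ".rnd" in the working
     *    directory, which the report notes is what actually happened. */
    if (home_env == NULL || home_env[0] == '\0')
        return NULL;
    if (strlen(home_env) + 1 + strlen(SEED_NAME) + 1 > buflen)
        return NULL;               /* "$HOME/.rnd" would not fit */
    snprintf(buf, buflen, "%s/%s", home_env, SEED_NAME);
    return buf;
}

/* Convenience wrapper that reads the real process environment. */
const char *seed_file_from_env(char *buf, size_t buflen)
{
    return seed_file_name(getenv("RANDFILE"), getenv("HOME"), buf, buflen);
}

int main(void)
{
    char buf[256];
    const char *p = seed_file_from_env(buf, sizeof buf);
    printf("seed file: %s\n", p ? p : "(none: set RANDFILE or HOME)");
    return 0;
}
```

The point of the two NULL returns is that a daemon started without $HOME (common for slapd under an init script) should fail loudly rather than seed from a relative path whose directory it does not control; an explicit config option such as the requested TLSRandomFile avoids the environment lookup altogether.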