Re: [Exim] TLS/SSL support in Exim: Testers needed

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jeffrey Goldberg
Ημερομηνία:  
Προς: Philip Hazel
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] TLS/SSL support in Exim: Testers needed
On Thu, 21 Sep 2000, Philip Hazel wrote:

> [...] Finally discovered that all I had to do was to seed the random
> number generator early enough.


I haven't looked at what you have done, but I will offer a word of advice.
The last time I implemented something that used openssl I had real
problems seeding the random number generator on systems that did not have
/dev/random (e.g, Tru64 Unix AKA OSF1, AKA Digitial Unix).

Older versions of the openssl libraries allow for bad seeding, but newer
ones do not. What I had to do was install a perl thingy called the
"entropy gathering daemon" (EGD) and then patch the application, stunnel,
to seed using the EGD (the SSL libraries have added that as a way to
seed).

So when making ports for different systems with exim, this is going to be
a headache, specifically with systems that don't have kernel-based entropy
collectors.

I haven't looked at your code to see if you did this (and no longer have
access to Tru64 to test on).

-j

--
Jeffrey Goldberg
I have recently moved, see http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice