Re: [Exim] TLS/SSL support in Exim: Testers needed

Author: Jeffrey Goldberg
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] TLS/SSL support in Exim: Testers needed
On Thu, 21 Sep 2000, Philip Hazel wrote:

> [...] Finally discovered that all I had to do was to seed the random
> number generator early enough.


I haven't looked at what you have done, but I will offer a word of advice.
The last time I implemented something that used openssl I had real
problems seeding the random number generator on systems that did not have
/dev/random (e.g., Tru64 Unix AKA OSF1, AKA Digital Unix).

Older versions of the openssl libraries allow for bad seeding, but newer
ones do not. What I had to do was install a Perl thingy called the
"entropy gathering daemon" (EGD) and then patch the application, stunnel,
to seed using the EGD (the SSL libraries have added that as a way to
seed).

So when making ports for different systems with exim, this is going to be
a headache, specifically with systems that don't have kernel-based entropy
collectors.

I haven't looked at your code to see if you did this (and no longer have
access to Tru64 to test on).

-j

--
Jeffrey Goldberg
I have recently moved, see http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice
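
The fallback this message describes (kernel entropy device where one exists, EGD otherwise), as an added example that is not part of the original post and is not code from Exim, stunnel or OpenSSL. The device and socket paths are assumptions supplied by the caller, and `gather_seed` is a hypothetical helper name; it fails closed when neither source delivers the requested bytes.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Read exactly n bytes from fd; 0 on success, -1 on EOF or error. */
static int read_full(int fd, unsigned char *buf, size_t n) {
    while (n > 0) {
        ssize_t r = read(fd, buf, n);
        if (r <= 0) return -1;
        buf += r; n -= (size_t)r;
    }
    return 0;
}

/* Kernel entropy device such as /dev/random, where the system has one. */
static int seed_from_device(const char *path, unsigned char *buf, size_t n) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int rc = read_full(fd, buf, n);
    close(fd);
    return rc;
}

/* EGD on a Unix socket: send 0x02 (blocking read) and a count byte (1..255);
   the daemon answers with exactly that many bytes. */
static int seed_from_egd(const char *sock, unsigned char *buf, size_t n) {
    struct sockaddr_un sa = {0};
    unsigned char req[2] = { 0x02, (unsigned char)n };
    if (n == 0 || n > 255 || strlen(sock) >= sizeof sa.sun_path) return -1;
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, sock);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int rc = -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0 && write(fd, req, 2) == 2)
        rc = read_full(fd, buf, n);
    close(fd);
    return rc;
}

/* dev and egd are caller-chosen paths (assumptions, not Exim settings).
   Returns 1 = device, 2 = EGD, -1 = no source: refuse to start TLS. */
int gather_seed(const char *dev, const char *egd, unsigned char *buf, size_t n) {
    if (dev && seed_from_device(dev, buf, n) == 0) return 1;
    if (egd && seed_from_egd(egd, buf, n) == 0) return 2;
    return -1;
}
```

On success the caller passes `buf` to the TLS library's seeding call (`RAND_seed` in OpenSSL) before any key material is generated.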