Re: [Exim] TLS/SSL support in Exim: Testers needed

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jeffrey Goldberg
Data:  
Para: V. T. Mueller
CC: Philip Hazel, exim-users
Assunto: Re: [Exim] TLS/SSL support in Exim: Testers needed
On Thu, 21 Sep 2000, V. T. Mueller wrote:

> As a HP-UX user, I would like to ask Philip to make exim behave like
> modssl for apache does. Namly it allows one to set:
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> So that modssl itself cares for collecting random data.


I agree that it would make configuring and installing easier, but I'm not
sure that it makes sense to have a security crucial portion of the TLS
operation thrown in when there are external utilities that will do the
job. I guess we could have a choice between the three:

  (1) Use /dev/random
      (note that reads on /dev/random wait if there isn't enough entropy
      there.  One needs to consider whether or not that is a good thing).


      Actually it appears that OpenSSL will do that automatically if it
      exists.


  (2) Use the Entropy Gathering Daemon.  This means more to install and
      configure.  But it is easy to code, as there is an openssl library
      function


         int RAND_egd(const char *path)


      which seeds the PRNG.  (The man page for that describes where to
      get the EGD).


  (3) Otherwise use whatever internal seed exim can come up with and call
      RAND_seed(const void *buf, int num).



So seeding should be something like

  if(RAND_status()) /* all is ok.  Must have seeded from /dev/urandom */
     /* do nothing */ ;
  else if(RAND_egd("/path/to/edg/socket") != -1) {
     /* great we got a seed from EGD */
     /* do nothing */ ;
  else  {
    /* use our internal method for seeding, to get a seed */
    RAND_seed(*seed, bufsize);
  }


/* test that SSL is happy */
if(!RAND_status()) {

     /* error processing goes here.  You can't continue with SSL stuff
        at this point */


}


Note: Before people wince to much at that, I prefer the logic of

  if (...)
    /* do nothing */ ;
  else if( ... )
    /* still nothing */ ;
  else {
   real stuff goes here


To scoping the negation outward. But it is a matter of taste.

The EGD path can be a runtime configuration option and what to do on
seeding failures may also be a runtime configuration option.

-j

--
Jeffrey Goldberg
I have recently moved, see http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice