RE: TLS_RANDFILE not recognized in ldap.conf/.ldaprc (ITS#733)
> Anyways, would be nice if the library could be configured to
> attempt RAND_egd().
Just need to make sure that the config file is read before
ldap_pvt_tls_init() is called.
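/*
 * Seed the OpenSSL PRNG before TLS is used.
 *
 * randfile: seed source handed in by the caller, or NULL when none is known
 *           (presumably the TLS_RANDFILE setting from ldap.conf/.ldaprc -
 *           confirm against the caller). A non-NULL value is tried first as
 *           an EGD socket and, if that fails, as a seed file.
 *
 * Returns 1 if the PRNG is seeded (now or on an earlier call), 0 if no seed
 * source could be determined or RAND_status() still reports an unseeded PRNG.
 *
 * `seeded`, `egdsocket` and `buffer` are declared outside this excerpt.
 *
 * NOTE(review): a 0 return means the PRNG is not usable for key material;
 * presumably ldap_pvt_tls_init() treats it as fatal - confirm.
 * NOTE(review): the EGD branch returns 1 without setting `seeded`, so a later
 * call goes through RAND_egd() again rather than taking the early return.
 *
 * The "<--" comments are the mail author's annotations on the control flow;
 * lines wrapped by the mailer (comments, the Debug() string) are rejoined.
 */
static int
tls_seed_PRNG(const char *randfile)    /* <-- called by ldap_pvt_tls_init() */
{
    if (seeded)
        return 1;

    if (randfile == NULL)    /* <-- config file not read, egd never attempted */
    {
        /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
         * If $HOME is not set or buffer too small to hold the pathname,
         * an error occurs. - From RAND_file_name() man page.
         * The fact is that when $HOME is NULL, .rnd is used.
         */
        randfile = RAND_file_name(buffer, sizeof( buffer ));
    }
    else if (RAND_egd(randfile) > 0)    /* <-- config file read, RAND_egd() attempted once */
    {
        /* EGD socket */
        egdsocket = 1;
        return 1;
    }

    /* RAND_file_name() could not produce a path: there is nothing to load. */
    if (randfile == NULL)
    {
        Debug( LDAP_DEBUG_ANY, "TLS: Use $RANDFILE to define seed file.\n",0,0,0);
        return 0;
    }

    /* The return value is not checked here; RAND_status() below is the
     * actual gate on whether enough seed data was obtained.
     */
    RAND_load_file(randfile, -1);    /* <-- RAND_egd() failed, load randfile */

    if (RAND_status() == 0)
    {
        /* PRNG has not been seeded with enough data */
        Debug( LDAP_DEBUG_ANY,
            "TLS: could not seed PRNG using %s.\n",
            randfile,0,0);
        return 0;
    }

    seeded = 1;
    return 1;
}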