
Re: Setting EGD random device with 2.0.7



On Tue, Mar 13, 2001 at 01:46:12PM -0700, Karl Bolingbroke wrote:
> > I know that setting the environment variable
> > RANDFILE is a workaround
> > but would rather set the path explicitly.
> 
> Furthermore, the RANDFILE environment variable workaround
> does not work.  (At least with OpenLDAP 2.0.7/HP-UX
> 11.00/gcc/OpenSSL 0.9.6.)

Ok, try the attached patch. It introduces a slapd.conf variable,
TLSRandFile, that sets the path. I'm testing on Solaris 2.6/SPARC now.
I think it works.

-- 
albert chin (china@thewrittenword.com)

-- snip snip
--- servers/slapd/config.c.orig	Tue Mar 13 14:33:10 2001
+++ servers/slapd/config.c	Tue Mar 13 14:37:40 2001
@@ -1086,6 +1086,12 @@
 						      &i );
 			if ( rc )
 				return rc;
+		} else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
+			rc = ldap_pvt_tls_set_option( NULL,
+						      LDAP_OPT_X_TLS_RANDOM_FILE,
+						      cargv[1] );
+			if ( rc )
+				return rc;
 
 #endif
 
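Review bot: the new TLSRandFile branch passes cargv[1] to ldap_pvt_tls_set_option() with no check that the directive was actually given an argument, so a bare "TLSRandFile" line in slapd.conf hands the call whatever follows cargv[0] in the array. Check the argument count before the call and report a configuration error if the path is missing. It would also help to log something when rc is non-zero, since "return rc;" alone gives the administrator no hint that the random-file path was the setting that was rejected.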
--- doc/man/man5/slapd.conf.5.orig	Tue Mar 13 14:36:31 2001
+++ doc/man/man5/slapd.conf.5	Tue Mar 13 14:38:40 2001
@@ -423,6 +423,11 @@
 .B TLSCertificateFile
 file.  Currently, the private key must not be protected with a password, so
 it is of critical importance that it is protected carefully. 
+.TP
+.B TLSRandFile <filename>
+Specifies the socket the EGD/PRNGD daemons are listening when a
+/dev/random device is not available. The environment variable RANDFILE
+can also be used to specify the filename.
 .SH GENERAL BACKEND OPTIONS
 Options in this section only apply to the configuration file section
 for the backend in which they are defined.  They are supported by every
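Review bot: the added TLSRandFile entry states that RANDFILE "can also be used to specify the filename", but the report this patch answers says the RANDFILE workaround does not work with OpenLDAP 2.0.7 on HP-UX 11.00 with OpenSSL 0.9.6, so that sentence should be dropped or qualified. The entry also calls the same argument a "socket" in one sentence and a "filename" in the next, and "are listening" should read "are listening on"; pick one term and state that the argument is the path of the EGD/PRNGD socket.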