Re: [neon] Re: https schema

From: Daniel Stenberg <daniel_at_haxx.se>
Date: 2001-12-14 08:31:40 CET

On Thu, 13 Dec 2001, Greg Stein wrote:

> > > svn_error: #21075 : <RA layer's server request failed>
> > > neon: Could not negotiate SSL session: PRNG not seeded

> > We have some code in flood that will seed OpenSSL's PRNG with
> > some cheesy stuff based on stack variables/timings. I guess
> > we could try something similar with neon. -- justin
>
> Is the seeding issue a client problem? Or is that in mod_ssl and Neon is
> just reporting the error from the server?
>
> Oh. You mentioned flood (therefore: client side). Yes, it sounds like Neon
> has some work to do. I'm copying the Neon mailing list...

Right, this is a client-side problem.

SSL is cryptography, and the SSL engine needs a good random seed to act well.
On systems without a /dev/urandom (such as Solaris), you need to be able to
specify your own random source, like a file name with random data or an EGD
socket.

This same problem was recently just fixed in wget (GPL licensed) and I have
written code that seeds the SSL engine in curl (MIT licensed). Getting
inspiration from an already written solution is easy.

I'm willing to donate code if need be.

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Received on Sat Oct 21 14:36:53 2006

This is an archived mail posted to the Subversion Dev mailing list.