
Re: [neon] Re: https schema

From: Daniel Stenberg <daniel_at_haxx.se>
Date: 2001-12-14 08:31:40 CET

On Thu, 13 Dec 2001, Greg Stein wrote:

> > > svn_error: #21075 : <RA layer's server request failed>
> > > neon: Could not negotiate SSL session: PRNG not seeded

> > We have some code in flood that will seed OpenSSL's PRNG with
> > some cheesy stuff based on stack variables/timings. I guess
> > we could try something similar with neon. -- justin

> Is the seeding issue a client problem? Or is that in mod_ssl and Neon is
> just reporting the error from the server?

> Oh. You mentioned flood (therefore: client side). Yes, it sounds like Neon
> has some work to do. I'm copying the Neon mailing list...

Right, this is a client-side problem.

SSL is cryptography, and the SSL engine needs a good random seed to act well.
On systems without a /dev/urandom (such as Solaris), you need to be able to
specify your own random source, like a file name with random data or an EGD

This same problem was recently just fixed in wget (GPL licensed) and I have
written code that seeds the SSL engine in curl (MIT licensed). Getting
inspiration from an already written solution is easy.

I'm willing to donate code if need be.

      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Received on Sat Oct 21 14:36:53 2006

This is an archived mail posted to the Subversion Dev mailing list.
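
An added example, not part of the original mail and not code from neon, curl or wget: the check-then-seed order the message describes (use the PRNG if OpenSSL reports it seeded, otherwise read a configured random file or /dev/urandom, otherwise fail), written against Python's ssl module, which wraps OpenSSL's RAND_status and RAND_add. The names seed_openssl_prng, read_seed and MIN_SEED_BYTES are hypothetical, and EGD is left out.

```python
import ssl

MIN_SEED_BYTES = 32  # assumption: accept no less than 256 bits of seed material


def read_seed(path, nbytes=MIN_SEED_BYTES):
    """Return nbytes read from path, or None if the source is missing or short."""
    try:
        with open(path, "rb") as src:
            data = src.read(nbytes)
    except OSError:
        return None
    return data if len(data) == nbytes else None


def seed_openssl_prng(seed_file=None, devices=("/dev/urandom",), force=False):
    """Ensure OpenSSL's PRNG is seeded before a TLS handshake is attempted.

    Returns a label for the source used. Raises RuntimeError rather than
    seeding from guessable input such as timestamps or stack contents.
    force=True skips the early return so the fallback path can be exercised
    on systems where OpenSSL has already seeded itself.
    """
    if ssl.RAND_status() and not force:
        return "already-seeded"
    candidates = ([seed_file] if seed_file else []) + list(devices)
    for path in candidates:
        data = read_seed(path)
        if data is None:
            continue
        # The entropy estimate tells OpenSSL how much to trust the input;
        # the caller vouches that the configured source really is random.
        ssl.RAND_add(data, float(len(data)))
        if ssl.RAND_status():
            return "file:" + path
    raise RuntimeError("PRNG not seeded: no usable random source")


if __name__ == "__main__":
    print(seed_openssl_prng())
```

Failing with an error when no source is usable keeps the handshake from running on a predictable seed, which is the outcome the "PRNG not seeded" message above is guarding against.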