git.ipfire.org Git - thirdparty/apache/httpd.git/commit

author	Joe Orton <jorton@apache.org>
	Thu, 7 May 2020 10:34:12 +0000 (10:34 +0000)
committer	Joe Orton <jorton@apache.org>
	Thu, 7 May 2020 10:34:12 +0000 (10:34 +0000)
commit	c2321e5b8fa6792662deaaeb05f1c24bd71503eb
tree	06e7a8d645cef674661d88e8df38ebd4a90a34cb	tree
parent	e9945c13eee5c0a51eceb44665894fed0db4d354	commit \| diff

mod_ssl: Drop SSLRandomSeed implementation with OpenSSL 1.1.1.
Require that OpenSSL is configured with a suitable entropy source,
or fail startup otherwise.

* modules/ssl/ssl_private.h:
  Define MODSSL_USE_SSLRAND for OpenSSL < 1.1.1.
  (SSLModConfigRec): Only define pid, aRandSeed for <1.1.1.
  (ssl_rand_seed): Define as noop if !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_init.c (ssl_init_Module):
  Only initialize mc->pid for MODSSL_USE_SSLRAND.
  Fail if RAND_status() returns zero.
  (ssl_init_Child): Drop getpid and srand for !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_rand.c: ifdef-out for !MODSSL_USE_SSLRAND.
  (ssl_rand_seed): Drop warning if PRNG not seeded (now a startup
  error as above).

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Drop
  aRandSeed initialization.  (ssl_cmd_SSLRandomSeed): Log a warning if
  used w/!MODSSL_USE_SSLRAND.

Github: closes #123

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877467 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| blame \| history
docs/log-message-tags/next-number		diff \| blob \| blame \| history
modules/ssl/ssl_engine_config.c		diff \| blob \| blame \| history
modules/ssl/ssl_engine_init.c		diff \| blob \| blame \| history
modules/ssl/ssl_engine_rand.c		diff \| blob \| blame \| history
modules/ssl/ssl_private.h		diff \| blob \| blame \| history