Backport:

Move SSLRandomSeed out of the <IfDefine SSL> container to support
starting without SSL on platforms with no /dev/random equivalent
but a statically compiled-in mod_ssl.

PR: 25867
Submitted by: Rob Meyer <rob bigdis.com>
Reviewed by: erikabele, nd, trawick
Obtained from:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102376 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index a66546e07fd040cbc35deb2e377c4f2447275c8d..c271ccbea4f4700db9e649872ec7b2a7d5150a80 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/01/14 21:55:37 $]
+Last modified at [$Date: 2004/01/19 18:07:39 $]
 
 Release:
 
@@ -112,12 +112,6 @@ PATCHES TO BACKPORT FROM 2.1
         nd asks: Should we make it runtime configurable either to 400, drop the
                  fragment or just treat it as part of the filename?
 
-    * Move SSLRandomSeed out of the <IfDefine SSL> container to support
-      starting without SSL on platforms with no /dev/random equivalent
-      but a statically compiled-in mod_ssl.  PR: 25867
-      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/docs/conf/ssl-std.conf.in?r1=1.4&r2=1.5
-      +1: erikabele, nd, trawick
-
     * Fix segfault in mod_mem_cache cache_insert() due to cache size
       becoming negative.  PR: 21285, 21287
       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/experimental/mod_mem_cache.c?r1=1.99&r2=1.100

diff --git a/docs/conf/ssl-std.conf.in b/docs/conf/ssl-std.conf.in
index 5819b5a3c84b0fd3c41898312cc03f41db9bf5ee..748f60c64308777bd513f1ed06dcb9027c4ade62 100644 (file)
--- a/docs/conf/ssl-std.conf.in
+++ b/docs/conf/ssl-std.conf.in
@@ -8,6 +8,30 @@
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.  
 #
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+# Note: This must come before the <IfDefine SSL> container to support
+#       starting without SSL on platforms with no /dev/random equivalent
+#       but a statically compiled-in mod_ssl.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
 <IfDefine SSL>
 
 #
@@ -52,23 +76,6 @@ SSLSessionCacheTimeout  300
 #   SSL engine uses internally for inter-process synchronization. 
 SSLMutex  file:@exp_runtimedir@/ssl_mutex
 
-#   Pseudo Random Number Generator (PRNG):
-#   Configure one or more sources to seed the PRNG of the 
-#   SSL library. The seed data should be of good random quality.
-#   WARNING! On some platforms /dev/random blocks if not enough entropy
-#   is available. This means you then cannot use the /dev/random device
-#   because it would lead to very long connection times (as long as
-#   it requires to make more entropy available). But usually those
-#   platforms additionally provide a /dev/urandom device which doesn't
-#   block. So, if available, use this one instead. Read the mod_ssl User
-#   Manual for more details.
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed startup file:/dev/urandom 512
-#SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
-
 ##
 ## SSL Virtual Host Context
 ##