From: Erik Abele Date: Mon, 19 Jan 2004 18:07:40 +0000 (+0000) Subject: Backport: X-Git-Tag: 2.0.49~205 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b07e0062a08c1d136d97e6a5a664963889be6da;p=thirdparty%2Fapache%2Fhttpd.git Backport: Move SSLRandomSeed out of the container to support starting without SSL on platforms with no /dev/random equivalent but a statically compiled-in mod_ssl. PR: 25867 Submitted by: Rob Meyer Reviewed by: erikabele, nd, trawick Obtained from: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102376 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index a66546e07fd..c271ccbea4f 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/01/14 21:55:37 $] +Last modified at [$Date: 2004/01/19 18:07:39 $] Release: @@ -112,12 +112,6 @@ PATCHES TO BACKPORT FROM 2.1 nd asks: Should we make it runtime configurable either to 400, drop the fragment or just treat it as part of the filename? - * Move SSLRandomSeed out of the container to support - starting without SSL on platforms with no /dev/random equivalent - but a statically compiled-in mod_ssl. PR: 25867 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/docs/conf/ssl-std.conf.in?r1=1.4&r2=1.5 - +1: erikabele, nd, trawick - * Fix segfault in mod_mem_cache cache_insert() due to cache size becoming negative. PR: 21285, 21287 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/experimental/mod_mem_cache.c?r1=1.99&r2=1.100 diff --git a/docs/conf/ssl-std.conf.in b/docs/conf/ssl-std.conf.in index 5819b5a3c84..748f60c6430 100644 --- a/docs/conf/ssl-std.conf.in +++ b/docs/conf/ssl-std.conf.in 
@@ -8,6 +8,30 @@ # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +# Note: This must come before the container to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +# +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + # 
@@ -52,23 +76,6 @@ SSLSessionCacheTimeout 300 # SSL engine uses internally for inter-process synchronization. SSLMutex file:@exp_runtimedir@/ssl_mutex -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - ## ## SSL Virtual Host Context ##
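Review bot: In the docs/conf/ssl-std.conf.in hunk at @@ -8,6 +8,30 @@, the comment says the seed data "should be of good random quality" and recommends /dev/urandom where available, yet the only active lines are `SSLRandomSeed startup builtin` and `SSLRandomSeed connect builtin`, with all four file: sources left commented out. Suggest having the new "Note:" paragraph say outright that builtin is kept as the default so the server still starts on platforms with no /dev/random equivalent, and that on platforms which do provide /dev/urandom the administrator should also enable `#SSLRandomSeed startup file:/dev/urandom 512` and the matching connect line.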
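Review bot: In the docs/conf/ssl-std.conf.in hunk at @@ -52,23 +76,6 @@, the PRNG block is deleted from its place after `SSLMutex file:@exp_runtimedir@/ssl_mutex` with nothing left behind, so someone reading through the global SSL settings at this point no longer finds SSLRandomSeed and gets no hint that it moved. Suggest leaving a one-line comment here that points to the PRNG section near the top of the file. The relocated comment is also rewrapped rather than moved verbatim (the removed text breaks after "PRNG of the", the added text after "SSL library."), which makes it harder to confirm the change is a pure relocation plus the new "Note:" paragraph; keeping the original line breaks would make that obvious.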