Posted to dev@subversion.apache.org by Daniel Stenberg <da...@haxx.se> on 2001/12/14 07:31:40 UTC

Re: [neon] Re: https schema

On Thu, 13 Dec 2001, Greg Stein wrote:

> > > svn_error: #21075 : <RA layer's server request failed>
> > >   neon: Could not negotiate SSL session: PRNG not seeded

> > We have some code in flood that will seed OpenSSL's PRNG with
> > some cheesy stuff based on stack variables/timings.  I guess
> > we could try something similar with neon.  -- justin
>
> Is the seeding issue a client problem? Or is that in mod_ssl and Neon is
> just reporting the error from the server?
>
> Oh. You mentioned flood (therefore: client side). Yes, it sounds like Neon
> has some work to do. I'm copying the Neon mailing list...

Right, this is a client-side problem.

SSL is cryptography, and the SSL engine needs a good random seed to act good.
On systems without a /dev/urandom (such as Solaris), you need to be able to
specify your own random source, like a file name with random data or an EGD
socket.

This same problem was recently just fixed in wget (GPL licensed) and I have
written code that seeds the SSL engine in curl (MIT licensed). Getting
inspiration from an already written solution is easy.

I'm willing to donate code if need be.

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
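
Added example, not part of the original thread and not code from neon, curl, wget or flood: a sketch of the client-side fix discussed above, using Python's ssl module, which wraps OpenSSL's RAND_status() and RAND_add(). It seeds the PRNG from a caller-specified random file and raises if no source can seed it. The function names, the 32-byte minimum and the file-permission check are assumptions of this example; EGD sockets are not covered.

```python
import os
import ssl
import stat

MIN_SEED_BYTES = 32  # assumption of this example: require 256 bits of seed material


def seed_from_file(path, nbytes=MIN_SEED_BYTES):
    """Mix nbytes from a caller-specified random source into OpenSSL's PRNG.

    Returns the number of bytes mixed in. Raises ValueError when the source
    cannot supply nbytes, so a short or empty file is never credited as a seed.
    """
    st = os.stat(path)
    # Example policy: a regular seed file that other users can read or replace
    # may be known to them, so it is rejected. Devices are not checked.
    if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ValueError(f"{path}: seed file is accessible to group/other")
    with open(path, "rb", buffering=0) as fh:
        data = fh.read(nbytes)
    if len(data) < nbytes:
        raise ValueError(f"{path}: only {len(data)} of {nbytes} bytes available")
    # The second argument is the entropy estimate in bytes, as in RAND_add(3).
    ssl.RAND_add(data, float(len(data)))
    return len(data)


def ensure_seeded(candidates, status=ssl.RAND_status):
    """Return "already-seeded" or the path that seeded the PRNG, else raise.

    `status` is injectable so the unseeded path can be exercised on systems
    where OpenSSL seeds itself from the operating system.
    """
    if status():
        return "already-seeded"
    errors = []
    for path in candidates:
        try:
            seed_from_file(path)
        except (OSError, ValueError) as exc:
            errors.append(str(exc))
            continue
        if status():
            return path
    # Refuse to start an SSL session with an unseeded PRNG.
    raise RuntimeError("PRNG not seeded: " + "; ".join(errors or ["no sources given"]))
```
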

Re: [neon] Re: https schema

Posted by Justin Erenkrantz <je...@ebuilt.com>.
On Fri, Dec 14, 2001 at 12:53:08PM -0600, Karl Fogel wrote:
> Daniel Stenberg <da...@haxx.se> writes:
> > SSL is cryptography, and the SSL engine needs a good random seed to act good.
> > On systems without a /dev/urandom (such as Solaris), you need to be able to
> > specify your own random source, like a file name with random data or an EGD
> > socket.
> > 
> > This same problem was recently just fixed in wget (GPL licensed) and I have
> > written code that seeds the SSL engine in curl (MIT licensed). Getting
> > inspiration from an already written solution is easy.
> > 
> > I'm willing to donate code if need be.
> 
> Great!
> 
> Architecturally, I'm a little unclear: should this go in Subversion,
> or in Neon?

I believe Neon since it interfaces with OpenSSL.  -- justin



Re: [neon] Re: https schema

Posted by Karl Fogel <kf...@newton.ch.collab.net>.
Daniel Stenberg <da...@haxx.se> writes:
> SSL is cryptography, and the SSL engine needs a good random seed to act good.
> On systems without a /dev/urandom (such as Solaris), you need to be able to
> specify your own random source, like a file name with random data or an EGD
> socket.
> 
> This same problem was recently just fixed in wget (GPL licensed) and I have
> written code that seeds the SSL engine in curl (MIT licensed). Getting
> inspiration from an already written solution is easy.
> 
> I'm willing to donate code if need be.

Great!

Architecturally, I'm a little unclear: should this go in Subversion,
or in Neon?

-K
