curl-users

Re: Re: OpenSSL 0.9.5

From: Hartroth, Jörn <Joern.Hartroth_at_telekom.de>
Date: Tue, 29 Feb 2000 20:40:17 +0100

... and the fix, thanx to Ulf Möller from the openssl development team.
It appears that curl never "correctly" :) initialized openssl in that it
didn't call RAND_seed() or RAND_add() before SSLeay_add_ssl_algorithms()
inside lib/ssluse.c.
I'm appending the appropriate patch for Windows (based on RAND_screen()),
however, the correct solution for Unix should be based on RAND_[seed|add]()
and is left for Daniel as an easy exercise :-).
BTW this is documented in the openssl 0.9.5 FAQ.
Remains only to say that curl-6.5pre1 works nicely on this version of
openssl 0.9.5.

Cheers,
    Joern

> -----Original Message-----
> From: "Hartroth, Jörn" [mailto:Joern.Hartroth_at_telekom.de]
> Sent: Tuesday, February 29, 2000 5:56 PM
> To: 'curl_at_contactor.se'
> Subject: Re: OpenSSL 0.9.5
>
>
> Hm,
>
> experiencing some problems here on Win32/MingW32 apparently
> related to initialization of the pseudo random number
> generator in openssl 0.9.5.
> I'm getting the error message
>
> curl: (35) SSL: error:24064064:random number
> generator:SSLEAY_RAND_BYTES:prng not seeded
>
> from curl-6.5pre1.
> Maybe something has to be changed in curl's ssl init calls?
>
> Cheers,
> Joern
>

*** ssluse.c.org Tue Feb 29 20:19:36 2000
--- ssluse.c Tue Feb 29 20:37:02 2000
***************
*** 162,167 ****
--- 162,174 ----
      /* Lets get nice error messages */
      SSL_load_error_strings();
  
+ /* Initialize OpenSSL's pseudo random number seed */
+ #ifdef WIN32
+ RAND_screen();
+ #elseif
+ /* Whatever works on unix */
+ #end
+
      /* Setup all the global SSL stuff */
      SSLeay_add_ssl_algorithms();
Received on 2000-02-29
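
A sketch of the Unix side that the mail leaves open, added here as an example and not part of the original mail or of curl's code. It assumes a kernel random device such as /dev/urandom is the seed source; `seed_prng_from_device`, `seed_sink_fn` and `record_sink` are hypothetical names, and the sink stands in for OpenSSL's RAND_add() so the file builds without OpenSSL.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Same shape as OpenSSL's RAND_add(const void *buf, int num, double entropy). */
typedef void (*seed_sink_fn)(const void *buf, int num, double entropy);

/* Stand-in sink (hypothetical); a real caller would pass RAND_add instead. */
static int sink_calls, sink_bytes;
static void record_sink(const void *buf, int num, double entropy)
{
    (void)buf; (void)entropy; sink_calls++; sink_bytes = num;
}

/* Hypothetical helper: read exactly `want` bytes (1..64) from `path` and feed
 * them to `sink`. Returns 0 on success, -1 otherwise (sink is then not called). */
int seed_prng_from_device(const char *path, size_t want, seed_sink_fn sink)
{
    unsigned char buf[64];
    volatile unsigned char *wipe = buf;
    size_t got = 0, i;
    int fd;
    if (!path || !sink || want == 0 || want > sizeof(buf))
        return -1;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0)
            got += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;   /* interrupted by a signal: retry */
        else
            break;      /* EOF or hard error: source unusable */
    }
    close(fd);
    if (got == want)
        sink(buf, (int)got, (double)got);  /* credit only a full read */
    for (i = 0; i < sizeof(buf); i++)
        wipe[i] = 0;    /* do not leave seed material on the stack */
    return got == want ? 0 : -1;
}

int main(void)
{
    return seed_prng_from_device("/dev/urandom", 32, record_sink) ? 1 : 0;
}
```

A failed or short read returns -1 without touching the sink, so the caller can refuse to start TLS rather than continue with an unseeded generator.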