Hi

First out, thanks to Jörn Hartroth <Joern.Hartroth_at_telekom.de> and Chris
<cbayliss_at_csc.com> for bringing details and fixes for this.

This is a patch that I've just applied to my curl 6.4 and that works for
me with OpenSSL 0.9.5. My problem is that I run Linux and then this fix is
probably totally unnecessary from what I understand of the openssl docs
("On systems that provide /dev/urandom, the randomness device is used to
seed the PRNG transparently.").

It'll take me a few more weeks to release curl 6.5 (I'm off skiing next
week! B-) so this will have to do until then. As always, getting feedback
is important.

This patch is meant to work on all platforms. If you applied Jörn's patch
on your win32 sources, then go with that, if you didn't or don't run
win32, use this!

--- ssluse.c.org Thu Mar 2 08:17:06 2000
+++ ssluse.c Thu Mar 2 08:34:09 2000
@@ -43,6 +43,7 @@
 
 #include "urldata.h"
 #include "sendf.h"
+#include "formdata.h" /* for the boundary function */
 
 #ifdef USE_SSLEAY
 
@@ -162,6 +163,25 @@
     /* Lets get nice error messages */
     SSL_load_error_strings();
 
+ if(0 == RAND_status()) {
+ /* We need to seed the PRNG properly! */
+#ifdef WIN32
+ /* This one gets a random value by reading the currently shown screen */
+ RAND_screen();
+#else
+ int len;
+ char *area = MakeFormBoundary();
+ if(!area)
+ return 3; /* out of memory */
+
+ len = strlen(area);
+
+ RAND_seed(area, len);
+
+ free(area); /* now remove the random junk */
+#endif
+ }
+
     /* Setup all the global SSL stuff */
     SSLeay_add_ssl_algorithms();

--
   Daniel Stenberg - http://www.contactor.se/~dast - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol