Hi

First out, thanks to J�rn Hartroth <Joern.Hartroth_at_telekom.de> and Chris
<cbayliss_at_csc.com> for bringing details and fixes for this.

This is a patch that I've just applied to my curl 6.4 and that works for
me with OpenSSL 0.9.5. My problem is that I run Linux and then this fix is
probably totally unnecessary from what I understand of the openssl docs
("On systems that provide /dev/urandom, the randomness device is used to
seed the PRNG transparently.").

It'll take me a few more weeks to release curl 6.5 (I'm off skiing next
week! B-) so this will have to do until then. As always, getting feedback
is important.

This patch is meant to work on all platforms. If you applied J�rn's patch
on your win32 sources, then go with that, if you didn't or don't run
win32, use this!

--- ssluse.c.org Thu Mar 2 08:17:06 2000
+++ ssluse.c Thu Mar 2 08:34:09 2000
@@ -43,6 +43,7 @@
 
 #include "urldata.h"
 #include "sendf.h"
+#include "formdata.h" /* for the boundary function */
 
 #ifdef USE_SSLEAY
 
@@ -162,6 +163,25 @@
     /* Lets get nice error messages */
     SSL_load_error_strings();
 
+ if(0 == RAND_status()) {
+ /* We need to seed the PRNG properly! */
+#ifdef WIN32
+ /* This one gets a random value by reading the currently shown screen */
+ RAND_screen();
+#else
+ int len;
+ char *area = MakeFormBoundary();
+ if(!area)
+ return 3; /* out of memory */
+
+ len = strlen(area);
+
+ RAND_seed(area, len);
+
+ free(area); /* now remove the random junk */
+#endif
+ }
+
     /* Setup all the global SSL stuff */
     SSLeay_add_ssl_algorithms();

--
   Daniel Stenberg - http://www.contactor.se/~dast - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol