curl-library

Re: lack of /dev/random on Solaris 6 and 8

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Tue, 4 May 2004 09:19:34 +0200 (CEST)

On Mon, 3 May 2004, Jerry G. Chiuan wrote:

> As we know, Solaris 6 and 8 don't carry /dev/random used by OpenSSL to
> generate random numbers. My question is: how does curl support SSL on Solaris
> 6 and 8? What are the alternatives used by Curl? Are they really random
> enough? Are they secure?

First, I won't make any claims or warranties that curl is "secure". You need
to judge that for yourself.

The lack of a proper /dev/random is of course badness but libcurl offers
multiple different approaches to get a seed that is random enough:

o You can build libcurl with RANDOM_FILE defined to point to a file/device
  to use to get random data from.

o You can specify CURLOPT_RANDOM_FILE to a file to get random data from.

o You can build libcurl with EGD_SOCKET defined to make it connect to an EGD
  daemon to get random data from.

Or, as Seshubabu Pasam posted, you can provide a /dev/random device for your
system.

-- 
     Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
      Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-05-04
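
Added example, not part of the mail above and not libcurl code: a pre-flight check for a path before it is used as RANDOM_FILE, CURLOPT_RANDOM_FILE or EGD_SOCKET on a system without /dev/random. The function names and candidate paths are assumptions made for illustration; the code only inspects the path and does not call libcurl or speak the EGD protocol.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

enum seed_kind { SEED_MISSING, SEED_DEVICE, SEED_EGD_SOCKET, SEED_STATIC_FILE, SEED_OTHER };

/* What is the candidate path really? (hypothetical helper) */
enum seed_kind seed_classify(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return SEED_MISSING;
    if (S_ISCHR(st.st_mode))  return SEED_DEVICE;      /* e.g. a random device node  */
    if (S_ISSOCK(st.st_mode)) return SEED_EGD_SOCKET;  /* e.g. an EGD daemon socket  */
    if (S_ISREG(st.st_mode))  return SEED_STATIC_FILE; /* same bytes on every read   */
    return SEED_OTHER;
}

/* 1 if the path is a character device that actually returns `want` bytes.
   /dev/null is a character device too, but it yields nothing. */
int seed_device_usable(const char *path, size_t want)
{
    unsigned char buf[64];
    size_t got;
    FILE *f;
    if (want > sizeof buf || seed_classify(path) != SEED_DEVICE) return 0;
    f = fopen(path, "rb");
    if (!f) return 0;
    setvbuf(f, NULL, _IONBF, 0);   /* do not drain more than we ask for */
    got = fread(buf, 1, want, f);
    fclose(f);
    return got == want;
}

/* Index of the first candidate that is a working device or a socket, or -1.
   Regular files are skipped: their content does not change between runs. */
int seed_pick(const char *const *paths, int n)
{
    int i;
    for (i = 0; i < n; i++) {
        if (seed_device_usable(paths[i], 32)) return i;
        if (seed_classify(paths[i]) == SEED_EGD_SOCKET) return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed candidate list; the EGD socket path is a placeholder. */
    const char *paths[] = { "/dev/urandom", "/var/run/egd-pool" };
    int i = seed_pick(paths, 2);
    printf("seed source: %s\n", i < 0 ? "(none found)" : paths[i]);
    return 0;
}
```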