curl-library

SSL problem in libcurl 7.13.1

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Fri, 4 Mar 2005 11:40:40 -0800

I'm pretty embarrassed to report this on the same day of the new release; I
noticed something wasn't right with SSL when setting up some automated builds
last week, but I chalked it up to problems with stunnel. It's actually a
problem with libcurl that causes all SSL connections to hang, at least
when using OpenSSL ver. 0.9.6b.

A patch last month changed the size parameter given to RAND_load_file
from 16384 to -1, which means to load the whole file. On my machine,
configure determines that the file to load is /dev/urandom, which is
infinitely long. Reverting that part of the patch fixes the problem:

diff -u -r1.129 ssluse.c
--- lib/ssluse.c 10 Feb 2005 07:45:08 -0000 1.129
+++ lib/ssluse.c 4 Mar 2005 19:13:50 -0000
@@ -169,7 +169,7 @@
     /* let the option override the define */
     nread += RAND_load_file((data->set.ssl.random_file?
                              data->set.ssl.random_file:RANDOM_FILE),
- -1); /* -1 to read the entire file */
+ 16384);
     if(seed_enough(nread))
       return nread;
   }
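Review bot: The restored `16384);` line in the first RAND_load_file call drops the old trailing comment without replacing it, so nothing at the call site records why the read has to be bounded. Since the path comes from either data->set.ssl.random_file or RANDOM_FILE, and the latter can resolve to a device such as /dev/urandom that never reaches end of file, a short comment here saying the size must stay finite for that reason would keep a later cleanup from switching it back to -1.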
@@ -231,7 +231,7 @@
   RAND_file_name(buf, BUFSIZE);
   if(buf[0]) {
     /* we got a file name to try */
- nread += RAND_load_file(buf, -1);
+ nread += RAND_load_file(buf, 16384);
     if(seed_enough(nread))
       return nread;
   }
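Review bot: The literal 16384 in `RAND_load_file(buf, 16384)` now appears in both calls in this file, which is a style problem: the two limits can drift apart and neither explains itself. Consider a single named constant in ssluse.c (a hypothetical name such as RAND_LOAD_LENGTH) used in both places, with the reason for the cap documented once at its definition.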

Better late than never...

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved

Received on 2005-03-04