SSL still broken on Solaris ?
Jeremy Hylton
jeremy at alum.mit.edu
Thu May 2 10:40:35 EDT 2002
bredel at gol.com (Philippe Bredel) wrote in message news:<d1e3ecad.0205011702.8e5acb4 at posting.google.com>...
> Hi,
>
> A few months ago I was looking at SSL support in Python and decided
> to go back to this project yesterday. I was rather surprised to
> discover that socketmodule.c still doesn't call RAND_seed() despite
> the fact that the issue had been mentioned in earlier posts.

The module doesn't call or expose RAND_seed(), but it does expose
RAND_add(). You can call it explicitly in your application. It's not
possible for the module to call RAND_add() or RAND_seed() for you,
because it doesn't have any source of randomness available.

> I was initially using 1.5.2 on SunOS5.6, assumed it had been fixed
> so downloaded 2.2.1, recompiled w/ SSL support (I'm using openssl
> 0.9.6) and kept on getting the famous PRNG not seeded error message. I
> eventually found a post from Dave Beazley with his fix but the whole
> process was really painful.
> There's a usable /dev/random file on my box but I just made a
> "dirty" recompile using a fixed seed to make sure it was fixing the
> problem.
> Any plans to address this issue in the upcoming releases ? Thanks.

I don't want Python to learn how to find sources of randomness and
load them. I believe that future versions of OpenSSL will be better
about this kind of initialization; that's the right place for it to
happen. OpenSSL already does the right thing on some platforms.

Until it does the right thing on your platform, the RAND_add() call
should work.

Note that I haven't tested this on Solaris, so I'm not sure. If you
try to use RAND_add() and it still doesn't work, please submit a bug
report.
Jeremy
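
Application-side seeding through RAND_add(), as the reply above suggests, shown as an added example that is not part of the original post or of Python's own code. It assumes the Python 3 `ssl` module (`ssl.RAND_add`, `ssl.RAND_status`) rather than the 2002 socket module; the device paths, the 32-byte size and the function names are assumptions chosen for illustration.

```python
import os
import ssl


def read_entropy(path, nbytes):
    """Read exactly nbytes from an entropy device, tolerating short reads."""
    chunks, remaining = [], nbytes
    fd = os.open(path, os.O_RDONLY)
    try:
        while remaining > 0:
            chunk = os.read(fd, remaining)
            if not chunk:  # EOF: the path is not a usable entropy device
                raise OSError(f"{path}: EOF after {nbytes - remaining} bytes")
            chunks.append(chunk)
            remaining -= len(chunk)
    finally:
        os.close(fd)
    return b"".join(chunks)


def seed_openssl(candidates=("/dev/urandom", "/dev/random"), nbytes=32):
    """Mix nbytes from the first readable device into OpenSSL's PRNG.

    Returns the path that was used, or None if no candidate could be read.
    A compiled-in constant seed would also silence "PRNG not seeded", but
    every process would then start from the same PRNG state.
    """
    for path in candidates:
        try:
            data = read_entropy(path, nbytes)
        except OSError:
            continue  # missing or unreadable device: try the next one
        # Second argument is the entropy estimate for `data`, in bytes;
        # kernel device output is credited in full here (assumption).
        ssl.RAND_add(data, float(len(data)))
        return path
    return None


def ensure_seeded():
    """Seed only if OpenSSL reports it is not seeded; fail loudly otherwise."""
    if ssl.RAND_status():
        return True
    if seed_openssl() is None:
        raise RuntimeError("no entropy device available to seed OpenSSL")
    return ssl.RAND_status()
```

Call `ensure_seeded()` once at start-up, before the first SSL connection is created.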