[Python-bugs-list] [ python-Bugs-620921 ] urllib fails HTTPS - no SSL PRNG entropy

noreply@sourceforge.net noreply@sourceforge.net
Fri, 11 Oct 2002 08:42:39 -0700


Bugs item #620921, was opened at 2002-10-09 18:23
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=620921&group_id=5470

Category: Python Library
Group: Python 2.2.1
>Status: Closed
>Resolution: Wont Fix
Priority: 5
Submitted By: Luke Kenneth Casson Leighton (lkcl)
Assigned to: Nobody/Anonymous (nobody)
Summary: urllib fails HTTPS - no SSL PRNG entropy

Initial Comment:
solaris is stupid: it doesn't have a /dev/random or a
/dev/urandom.
therefore, openssl relies on the application to
initialise the PRNG.

the standard python library urllib.py (urlretrieve) will
therefore fail to operate due to urllib.py not, itself,
calling socket.RAND_egd() or RAND_add() as done in the
test/test_socket_ssl.py code as an example.

----------------------------------------------------------------------

>Comment By: Jeremy Hylton (jhylton)
Date: 2002-10-11 15:42

Message:
Logged In: YES 
user_id=31392

There's nothing Python can do by default to cope with a
system where OpenSSL doesn't initialize the PRNG by itself.
So users must either upgrade to a version of OpenSSL that
does the initialization or do it themselves (perhaps in a
PYTHONSTARTUP script).


----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2002-10-10 15:07

Message:
Logged In: YES 
user_id=21627

Invoking RAND_egd is not possible, since we don't know the
EGD connect string. The test deliberately passes 1 to cause
a TypeError.

Invoking RAND_add should not be done, since we cannot come
up with a random string.


----------------------------------------------------------------------
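
Added example, not part of the tracker thread or of Python's own code: a startup check in the spirit of the comments above, which leaves an already-seeded PRNG alone and otherwise seeds it only from an entropy source the application itself supplies, failing closed if there is none. It uses the current `ssl.RAND_status()` and `ssl.RAND_add()` rather than the `socket.RAND_*` names in the report; `ensure_prng_seeded`, `read_entropy`, `EntropyUnavailable` and `FakeUnseededOpenSSL` are hypothetical names chosen for illustration.

```python
import ssl


class EntropyUnavailable(RuntimeError):
    """Raised when the OpenSSL PRNG is unseeded and cannot be seeded safely."""


def ensure_prng_seeded(read_entropy=None, nbytes=32,
                       rand_status=ssl.RAND_status, rand_add=ssl.RAND_add):
    """Return how the PRNG came to be seeded, or raise EntropyUnavailable.

    read_entropy is a hypothetical callable(nbytes) -> bytes supplied by the
    application, e.g. a reader for an entropy daemon it has configured.
    rand_status and rand_add are parameters only so the unseeded path can be
    exercised on a host where OpenSSL seeds itself.
    """
    if rand_status():
        return "seeded-by-openssl"
    if read_entropy is None:
        # Fail closed: never substitute time, PID or other guessable data.
        raise EntropyUnavailable("PRNG unseeded and no entropy source configured")
    data = read_entropy(nbytes)
    if len(data) < nbytes:
        raise EntropyUnavailable(f"source returned {len(data)} of {nbytes} bytes")
    # Second argument: the caller's estimate of the entropy in data, in bytes.
    rand_add(data, float(len(data)))
    if not rand_status():
        raise EntropyUnavailable("OpenSSL still reports the PRNG as unseeded")
    return "seeded-by-application"


class FakeUnseededOpenSSL:
    """Constructed stand-in for an OpenSSL build that cannot seed itself."""

    def __init__(self, needed=32):
        self.needed, self.credited = needed, 0.0

    def status(self):
        return self.credited >= self.needed

    def add(self, data, entropy):
        self.credited += entropy


if __name__ == "__main__":
    print(ensure_prng_seeded())  # checks the real OpenSSL on this host
```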
