https://bz.apache.org/bugzilla/show_bug.cgi?id=65159
--- Comment #28 from Joe Orton <[email protected]> --- (In reply to Michael Kaufmann from comment #27) > If you want to replace the implementation of mod_unique_id, a simple > approach would be to generate the whole ID with pseudo-random bytes, like > other web servers do. Unfortunately there is no fast APR function available > to generate pseudo-random bytes (e.g. reading from /dev/urandom on Linux), > just like there is no APR function available for real thread local storage. Yes, I wondered about this too. But there is apr_generate_random_bytes(), also httpd has an RNG exposed via ap_random_*, plus we even have access to a UUID generator via apr_uuid_ which (should) be plugged through to getrandom() etc. Having mod_ssl generate UNIQUE_ID via RAND_bytes() would also be a simpler alternative. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
