Re: Hang with, SSLRandomSeed startup file:/dev/urandom

Fri, 1 Oct 1999 12:57:16 -0700 

On Fri, Oct 01, 1999, Daniel Sutcliffe wrote:

> > On Thu, Sep 30, 1999, Daniel Sutcliffe wrote: 
> > > When I specify:
> > >   SSLRandomSeed startup file:/dev/urandom
> > > in the .conf the server never gets past:
> > >    ...
> > >   [info]  Init: Reinitializing OpenSSL library
> > >   [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0,
> > > removed: 0
> > > in the ssl_engine_log with:
> > >   SSLLogLevel debug
> 
> To which "Ralph S. Engelschall" replied:
>  
> > Err... I appreciate that you have a look at
> > the httpd.conf-dist filem, first:
> 
> Erm... yes whoops!  Aren't examples and documentation a wonderful
> thing;-)
> 
> I'd actually looked at the source later and found that the behavior
> when no count was given was to read the whole file.
> "What Count?", I thought...  "aaah that explains it"
> 
> Would it be worth mentioning in the documentation that the default
> behavior of leaving off the count is to read the whole file.  Just
> for the next idiot like me that comes along.

This _IS_ already mentioned in the documentation:

| <p>
| <li><code>file:/path/to/source</code>
|     <p>
|     This variant uses an external file <code>/path/to/source</code> as the
|     source for seeding the PRNG. When <em>bytes</em> is specified, only the
|     first <em>bytes</em> number of bytes of the file form the entropy (and
|     <em>bytes</em> is given to <code>/path/to/source</code> as the first
|     argument). When <em>bytes</em> is not specified the whole file forms the
|     entropy (and <code>0</code> is given to <code>/path/to/source</code> as
|     the first argument). Use this especially at startup time, for instance

But as you discovered yourself, even documenting it explicitly doesn't prevent
us from receiving problem reports of people who insist to not read the
documentation carefully enough :-(

You would be surprised that I guess that 50% of all problem reports could be
avoided by the submitter if he first would have read the documentation more
carefully. I usually document really everything, but people seem to not expect
this... ;)
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to