On Fri, 28 Sep 2001, lemble gregory wrote:

> oups i forget the files ... lol

This is the fix that Lemble Gregory made to get SSL working on his machine.
It should apply just as well to the current CVS wget too. This is required on
all machines without a working /dev/urandom, as OpenSSL will otherwise refuse
to connect.

Now, why do people use patches? 2054 bytes vs 659562...

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
--- /home/dast/src/wget-1.7/src/gen_sslfunc.c   Sun May 27 21:34:59 2001
+++ ./gen_sslfunc.c     Tue Sep 25 15:53:04 2001
@@ -31,6 +31,7 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 
 #include "wget.h"
 #include "connect.h"
@@ -41,6 +42,44 @@
 
 static int verify_callback PARAMS ((int, X509_STORE_CTX *));
 
+void SSLInitPRNG()
+{
+#if SSLEAY_VERSION_NUMBER >= 0x00905100
+    if (RAND_status() == 0) {
+        char rand_file[256];
+        time_t t;
+        pid_t pid;
+        long l,seed;
+
+        t = time(NULL);
+        pid = getpid();
+        RAND_file_name(rand_file, 256);
+        if(rand_file != NULL) {
+            /* Seed as much as 1024 bytes from RAND_file_name */
+            RAND_load_file(rand_file, 1024);
+        }
+        /* Seed in time (mod_ssl does this) */
+        RAND_seed((unsigned char *)&t, sizeof(time_t));
+        /* Seed in pid (mod_ssl does this) */
+        RAND_seed((unsigned char *)&pid, sizeof(pid_t));
+        /* Initialize system's random number generator */
+        RAND_bytes((unsigned char *)&seed, sizeof(long));
+        srand48(seed);
+        while (RAND_status() == 0) {
+       /* Repeatedly seed the PRNG using the system's random number generator until 
+it has been seeded with enough data */
+            l = lrand48();
+            RAND_seed((unsigned char *)&l, sizeof(long));
+        }
+        if (rand_file != NULL) {
+            /* Write a rand_file */
+            RAND_write_file(rand_file);
+        }
+    }
+#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
+    return;
+}
+
+
 /* Creates a SSL Context and sets some defaults for it */
 uerr_t
 init_ssl (SSL_CTX **ctx)
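Review bot: The `while (RAND_status() == 0)` loop in SSLInitPRNG feeds `lrand48()` output to `RAND_seed()` until OpenSSL stops reporting the pool as unseeded, which satisfies the entropy accounting without adding any real entropy. The lrand48 state comes from `RAND_bytes()` on a pool that is not yet seeded at that point (its return value is unchecked, so `seed` may be left uninitialized), so on a host with no usable seed file the TLS key material rests on `time()` and `getpid()`, both guessable. I would drop the loop, mix time and pid in with `RAND_add(..., 0.0)` so they earn no entropy credit, and have the function return a status that init_ssl (where the call is added in the third hunk) turns into an error when `RAND_status()` is still 0. Separately, `rand_file != NULL` is always true for an array; the return value of `RAND_file_name()` is what needs testing.

```c
int SSLInitPRNG()
{
#if SSLEAY_VERSION_NUMBER >= 0x00905100
    if (RAND_status() == 0) {
        char rand_file[256];
        const char *path;
        time_t t = time(NULL);
        pid_t pid = getpid();

        /* RAND_file_name() returns NULL when it cannot build a path */
        path = RAND_file_name(rand_file, sizeof(rand_file));
        if (path != NULL)
            RAND_load_file(path, 1024);
        /* Guessable values: mix them in with zero entropy credit */
        RAND_add(&t, sizeof(t), 0.0);
        RAND_add(&pid, sizeof(pid), 0.0);
        /* Still unseeded: report it instead of stretching weak input */
        if (RAND_status() == 0)
            return 0;
        if (path != NULL)
            RAND_write_file(path);
    }
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
    return 1;
}
```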
@@ -66,6 +105,7 @@
                                       SSL_FILETYPE_PEM) <= 0)
        return SSLERRCERTKEY;
   }
+  SSLInitPRNG();
   return 0; /* Succeded */
 }
 
@@ -82,6 +122,9 @@
   SSL_connect (*con);  
   if ((*con)->state != SSL_ST_OK)
     return 1;
+  /*while((SSLerror=ERR_get_error())!=0)
+    printf("%s\n", ERR_error_string(SSLerror,NULL));*/
+
   return 0;
 }
 
