#10 fix for SSL patch to 3.1.6

open
nobody
None
5
2002-09-06
2002-09-06
No

I applied the SSL patch from ftp://ftp.ccsf.org/htdig-patches/3.1.6/ssl.9
to the VMS port, and hit the following showstopper:

On platforms without a /dev/u?random device or an EGD daemon (e.g. VMS ;-),
the SSL PRNG is seeded from a file. For this to work, the application must
call RAND_load_file() or else a connect fails with a "PRNG not seeded" error
message (new behaviour since OpenSSL 0.9.5). When I insert this call into
htlib/Connection.cc's Connection::initSSL, SSL connections do work.

Discussion

  • Martin Vorlaender

    Update to ssl.9 patch

     
  • Martin Vorlaender

    Here is a patch backported from the VMS port. Based on ssl.9, it
    implements
    - conditional compilation governed by the HAVE_SSL macro
    - conditional inclusion of the RAND_load_file() governed by the
      SSL_NEED_RANDFILE macro
    - uses the more recent SSL API
    - prints SSL error messages when a connect fails
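
The seeding step discussed in this ticket, sketched as an added example (it is not the attached patch or htdig code): it checks RAND_status(), loads a seed file with RAND_load_file() only when SSL_NEED_RANDFILE is defined, and compiles to a no-op without HAVE_SSL. The function names, the result enum, the permission check and the 32-byte minimum are assumptions made for illustration.

```cpp
// Added example, not htdig or patch code. SeedResult, seed_file_acceptable()
// and seed_ssl_prng() are hypothetical names; the 32-byte floor is an assumption.
#include <cstdio>
#include <sys/stat.h>
#ifdef HAVE_SSL
#include <openssl/err.h>
#include <openssl/rand.h>
#endif

enum SeedResult { SEED_OK, SEED_NO_SSL, SEED_BAD_FILE, SEED_FAILED };

// A seed file is only worth loading if it is a regular file that no other
// user can read or replace, and it holds at least min_bytes of data.
bool seed_file_acceptable(const char *path, long min_bytes)
{
    struct stat st;
    if (path == NULL || stat(path, &st) != 0) return false;
    if (!S_ISREG(st.st_mode)) return false;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return false;
    return st.st_size >= min_bytes;
}

// Call once before the first SSL connect; pass NULL to use OpenSSL's default file.
SeedResult seed_ssl_prng(const char *seed_file)
{
#ifndef HAVE_SSL
    (void)seed_file;
    return SEED_NO_SSL;
#else
    if (RAND_status() == 1) return SEED_OK;  // an OS entropy source already seeded it
#ifdef SSL_NEED_RANDFILE
    char name[1024];
    if (seed_file == NULL) seed_file = RAND_file_name(name, sizeof name);
    if (!seed_file_acceptable(seed_file, 32)) return SEED_BAD_FILE;
    if (RAND_load_file(seed_file, -1) > 0 && RAND_status() == 1) {
        RAND_write_file(seed_file);  // refresh so the next run starts from new state
        return SEED_OK;
    }
#endif
    unsigned long err;
    char msg[256];
    while ((err = ERR_get_error()) != 0) {  // report why seeding failed
        ERR_error_string_n(err, msg, sizeof msg);
        fprintf(stderr, "SSL PRNG: %s\n", msg);
    }
    return SEED_FAILED;
#endif
}
```

Build with -DHAVE_SSL -DSSL_NEED_RANDFILE and link against libcrypto to exercise the OpenSSL path; the permission test uses POSIX mode bits and would need a platform-specific equivalent on VMS.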

     
