psql+openssl+uniware7

Started by Olivier PRENANT, almost 25 years ago, 7 messages, pgsql-hackers
#1 Olivier PRENANT
ohp@pyrenet.fr

Hi all,

While testing postgresql with openssl on Unixware, I had this problem that
psql always replied "PRNG not seeded".

That's because psql doesn't seed it in any way. That's all right on
systems that have /dev/urandom (or whatever is ok for openssl).

The hack is simple: install prngd then add -DEGD='"/var/run/prngd-pool"'
to CFLAGS in src/makefiles/unixware

then add

#include <openssl/rand.h>   /* declares RAND_egd() */

#ifdef EGD
    /* No /dev/urandom here, so OpenSSL cannot seed itself: pull seed
       material from the prngd socket named by -DEGD=... instead. */
    RAND_egd(EGD);
#endif

in src/interfaces/libpq/fe-connect.c near line 965 (#ifdef USE_SSL)

This done, openssl is doing all right.

I'm sorry I don't have a clue how to make a clean patch. I guess a
real patch would involve configure testing for /dev/?random then all
"standard places" according to openssl for prng sockets then issue
eventually RAND_egd.

Thank you for your attention.

--
Olivier PRENANT Tel: +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou +33-5-61-50-97-01 (Fax)
31190 AUTERIVE +33-6-07-63-80-64 (GSM)
FRANCE Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)

#2 Peter Eisentraut
peter_e@gmx.net
In reply to: Olivier PRENANT (#1)
Re: psql+openssl+uniware7

Olivier PRENANT writes:

> I'm sorry I don't have a clue how to make a clean patch. I guess a
> real patch would involve configure testing for /dev/?random then all
> "standard places" according to openssl for prng sockets then issue
> eventually RAND_egd.

Shouldn't this be handled by the OpenSSL configuration?

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

#3 Olivier PRENANT
ohp@pyrenet.fr
In reply to: Peter Eisentraut (#2)
Re: psql+openssl+uniware7

On Thu, 21 Jun 2001, Peter Eisentraut wrote:

> Olivier PRENANT writes:
>
> > I'm sorry I don't have a clue how to make a clean patch. I guess a
> > real patch would involve configure testing for /dev/?random then all
> > "standard places" according to openssl for prng sockets then issue
> > eventually RAND_egd.
>
> Shouldn't this be handled by the OpenSSL configuration?

Not yet; openssl-0.9.7 will detect egd. Until then, the client has to seed
the PRNG.


#4 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Olivier PRENANT (#3)
Re: psql+openssl+uniware7

Olivier PRENANT <ohp@pyrenet.fr> writes:

> > Shouldn't this be handled by the OpenSSL configuration?
>
> Not yet; openssl-0.9.7 will detect egd. Until then, the client has to seed
> the PRNG.

I think we shouldn't patch our code to work around an openssl bug that
will go away soon anyway.

regards, tom lane

#5 Olivier PRENANT
ohp@pyrenet.fr
In reply to: Tom Lane (#4)
Re: psql+openssl+uniware7

I was afraid you would say that.

As a user of postgresql for many years, one thing I love is that it's
multi-platform.

Unfortunately, not all platforms have /dev/urandom.

Here is part of the openssl doc (RAND_add.pod):

OpenSSL makes sure that the PRNG state is unique for each thread. On
systems that provide C</dev/urandom>, the randomness device is used
to seed the PRNG transparently. However, on all other systems, the
application is responsible for seeding the PRNG by calling RAND_add(),
L<RAND_egd(3)|RAND_egd(3)>
or L<RAND_load_file(3)|RAND_load_file(3)>.

It clearly states that THE APPLICATION (psql) is responsible for seeding
the PRNG. ISTM, saying it's a bug of openssl when it's IN THE DOC seems a
bit "unnice".

Even openssh (widely used) seeds PRNG itself.

I'm not trying to start a war, I love Postgresql too much for that, but
just to say, I'll TRY to come up with a patch.

Regards,

On Fri, 22 Jun 2001, Tom Lane wrote:

> Olivier PRENANT <ohp@pyrenet.fr> writes:
>
> > > Shouldn't this be handled by the OpenSSL configuration?
> >
> > Not yet; openssl-0.9.7 will detect egd. Until then, the client has to seed
> > the PRNG.
>
> I think we shouldn't patch our code to work around an openssl bug that
> will go away soon anyway.
>
> regards, tom lane

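The seeding step that messages #1 and #5 describe (the application checking whether OpenSSL's PRNG is seeded and, if it is not, feeding it from whatever entropy source the platform offers, then failing loudly instead of letting the TLS handshake die with "PRNG not seeded") as an added example. It is not code from this thread, from libpq or from psql: it uses Python's ssl module bindings for RAND_status() and RAND_add() in place of the C RAND_egd()/RAND_load_file() calls discussed above, and the probe order, the candidate paths and the function names are assumptions, not PostgreSQL configuration.

```python
"""Seed OpenSSL's PRNG from the application side when the platform cannot
do it transparently (the UnixWare situation in this thread).

Added example, not libpq/psql code.  ssl.RAND_status()/ssl.RAND_add()
stand in for the C RAND_status()/RAND_load_file()/RAND_egd() calls.
"""
import os
import ssl
from typing import Callable, Iterable, Optional

# Conventional places to look, in order: kernel random devices first, then
# a per-user seed file.  Assumed defaults; a real build would let configure
# or an environment variable override them, as message #1 suggests.
DEFAULT_SOURCES = ("/dev/urandom", "/dev/random", os.path.expanduser("~/.rnd"))

SEED_BYTES = 32  # 256 bits, enough to take RAND_status() from 0 to 1


def read_seed(path: str, nbytes: int = SEED_BYTES) -> Optional[bytes]:
    """Read up to nbytes from a device or seed file; None if unusable."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(nbytes)
    except OSError:
        return None  # absent, unreadable or not a regular file/device
    return data if data else None


def seed_prng(sources: Iterable[str] = DEFAULT_SOURCES,
              status: Callable[[], bool] = ssl.RAND_status,
              add: Callable[[bytes, float], None] = ssl.RAND_add) -> str:
    """Make sure the PRNG is seeded before any TLS handshake is attempted.

    Returns the source that did the seeding, or "already-seeded" when
    OpenSSL found entropy on its own (the /dev/urandom case in the thread).
    Raises RuntimeError when no source worked: that is the "PRNG not
    seeded" condition psql hit, reported up front with the list of places
    that were tried instead of as an opaque handshake error.

    `status` and `add` are injectable so the unseeded path can be
    exercised on a host whose kernel already seeds OpenSSL.
    """
    if status():
        return "already-seeded"
    tried = []
    for path in sources:
        tried.append(path)
        data = read_seed(path)
        if data is None:
            continue  # not present on this platform; try the next place
        # Second argument is the entropy estimate in bytes.  A kernel
        # device is credited in full, which is what flips RAND_status();
        # a stale seed file should get a lower estimate in production.
        add(data, float(len(data)))
        if status():
            return path
    raise RuntimeError("PRNG not seeded: no usable entropy source among %r"
                       % (tuple(tried),))


if __name__ == "__main__":
    # Call this before building any SSLContext / opening the connection.
    print("seeded from:", seed_prng())
```

In a libpq-style C port this would sit inside the USE_SSL block before SSL_connect(), with RAND_egd() on the prngd/EGD socket as one more entry in the probe list; the point the thread makes is that the check and the fallback belong in the library, not in each client.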

#6 Peter Eisentraut
peter_e@gmx.net
In reply to: Olivier PRENANT (#5)
Re: psql+openssl+uniware7

Olivier PRENANT writes:

> It clearly states that THE APPLICATION (psql) is responsible for seeding
> the PRNG. ISTM, saying it's a bug of openssl when it's IN THE DOC seems a
> bit "unnice".

Might be better if libpq would handle this.


#7 Olivier PRENANT
ohp@pyrenet.fr
In reply to: Peter Eisentraut (#6)
Re: psql+openssl+uniware7

On Sat, 23 Jun 2001, Peter Eisentraut wrote:

> Olivier PRENANT writes:
>
> > It clearly states that THE APPLICATION (psql) is responsible for seeding
> > the PRNG. ISTM, saying it's a bug of openssl when it's IN THE DOC seems a
> > bit "unnice".
>
> Might be better if libpq would handle this.

I can't agree more. That's why I changed fe-connect.c (it works OK). The
only thing is to write a proper patch!!

Regards,
