Move SSLRandomSeed out of the <IfDefine SSL> container to support

starting without SSL on platforms with no /dev/random equivalent
but a statically compiled-in mod_ssl. See PR: 25867

Submitted by: Rob Meyer <rob bigdis.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102179 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/conf/ssl-std.conf.in b/docs/conf/ssl-std.conf.in
index 6bd410bea5459edbfa274f89aea88777f5b12fa0..4812e54197d57cc756141dfb2a25f6393f77bdec 100644 (file)
--- a/docs/conf/ssl-std.conf.in
+++ b/docs/conf/ssl-std.conf.in
@@ -8,6 +8,30 @@
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.  
 #
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+# Note: This must come before the <IfDefine SSL> container to support
+#       starting without SSL on platforms with no /dev/random equivalent
+#       but a statically compiled-in mod_ssl.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
 <IfDefine SSL>
 
 #
@@ -52,23 +76,6 @@ SSLSessionCacheTimeout  300
 #   SSL engine uses internally for inter-process synchronization. 
 SSLMutex  file:@exp_runtimedir@/ssl_mutex
 
-#   Pseudo Random Number Generator (PRNG):
-#   Configure one or more sources to seed the PRNG of the 
-#   SSL library. The seed data should be of good random quality.
-#   WARNING! On some platforms /dev/random blocks if not enough entropy
-#   is available. This means you then cannot use the /dev/random device
-#   because it would lead to very long connection times (as long as
-#   it requires to make more entropy available). But usually those
-#   platforms additionally provide a /dev/urandom device which doesn't
-#   block. So, if available, use this one instead. Read the mod_ssl User
-#   Manual for more details.
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed startup file:/dev/urandom 512
-#SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
-
 ##
 ## SSL Virtual Host Context
 ##