makes the operation slower and is less friendly for the network. */
CINIT(FORBID_REUSE, LONG, 75),
+ /* Set to a file name that contains random data for libcurl to use to
+ seed the random engine when doing SSL connects. */
+ CINIT(RANDOM_FILE, OBJECTPOINT, 76),
+
+ /* Set to the Entropy Gathering Daemon socket pathname */
+ CINIT(EGDSOCKET, OBJECTPOINT, 77),
+
CURLOPT_LASTENTRY /* the last unusued */
} CURLoption;
{
char *buf = conn->data->buffer; /* point to the big buffer */
int nread=0;
+ struct UrlData *data=conn->data;
/* Q: should we add support for a random file name as a libcurl option?
- A: Yes */
-#if 0
- /* something like this */
- nread += RAND_load_file(filename, number_of_bytes);
+ A: Yes, it is here */
+
+#ifndef RANDOM_FILE
+ /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+ us to! */
+ if(data->ssl.random_file)
+#define RANDOM_FILE "" /* doesn't matter won't be used */
#endif
- /* generates a default path for the random seed file */
- buf[0]=0; /* blank it first */
- RAND_file_name(buf, BUFSIZE);
- if ( buf[0] ) {
- /* we got a file name to try */
- nread += RAND_load_file(buf, 16384);
+ {
+ /* let the option override the define */
+ nread += RAND_load_file((data->ssl.random_file?
+ data->ssl.random_file:RANDOM_FILE),
+ 16384);
if(seed_enough(conn, nread))
return nread;
}
-#ifdef RANDOM_FILE
- nread += RAND_load_file(RANDOM_FILE, 16384);
- if(seed_enough(conn, nread))
- return nread;
-#endif
-
-#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET)
+#if defined(HAVE_RAND_EGD)
/* only available in OpenSSL 0.9.5 and later */
- /* EGD_SOCKET is set at configure time */
+ /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+ /* If we don't have the define set, we only do this if the egd-option
+ is set */
+ if(data->ssl.egdsocket)
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
{
- int ret = RAND_egd(EGD_SOCKET);
+ /* If there's an option and a define, the option overrides the
+ define */
+ int ret = RAND_egd(data->ssl.egdsocket?data->ssl.egdsocket:EGD_SOCKET);
if(-1 != ret) {
nread += ret;
if(seed_enough(conn, nread))
#endif
}
+ /* generates a default path for the random seed file */
+ buf[0]=0; /* blank it first */
+ RAND_file_name(buf, BUFSIZE);
+ if ( buf[0] ) {
+ /* we got a file name to try */
+ nread += RAND_load_file(buf, 16384);
+ if(seed_enough(conn, nread))
+ return nread;
+ }
+
infof(conn->data, "Your connection is using a weak random seed!\n");
return nread;
}
va_start(param, option);
switch(option) {
+ case CURLOPT_RANDOM_FILE:
+ /*
+ * This is the path name to a file that contains random data to seed
+ * the random SSL stuff with. The file is only used for reading.
+ */
+ data->ssl.random_file = va_arg(param, char *);
+ break;
+ case CURLOPT_EGDSOCKET:
+ /*
+ * The Entropy Gathering Daemon socket pathname
+ */
+ data->ssl.egdsocket = va_arg(param, char *);
+ break;
case CURLOPT_MAXCONNECTS:
/*
* Set the absolute number of maximum simultaneous alive connection that
projects / curl / commitdiff