From: Stefan Sperling <stsp@apache.org>
Date: Wed, 22 Apr 2015 16:39:20 +0000 (+0000)
Subject: mod_ssl: Make the config parser complain if SSLRandomSeed specifies
X-Git-Tag: 2.5.0-alpha~3239
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2b7c1b2b148ecd01880f60b5a4f7425bb7df07c9;p=apache

mod_ssl: Make the config parser complain if SSLRandomSeed specifies
the Entropy Gathering Daemon (EGD) as source while the underlying
SSL library does not support EGD (e.g. in case of LibreSSL).

Suggested and reviewed by: kbrand


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1675410 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index cabe29ed90..7af7b907c4 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -574,8 +574,15 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd,
         seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
     }
     else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) {
+#ifdef HAVE_RAND_EGD
         seed->nSrc   = SSL_RSSRC_EGD;
         seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4);
+#else
+        return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `",
+                           arg2, "': This version of " MODSSL_LIBRARY_NAME
+                           " does not support the Entropy Gathering Daemon "
+                           "(EGD).", NULL);
+#endif
     }
     else if (strcEQ(arg2, "builtin")) {
         seed->nSrc   = SSL_RSSRC_BUILTIN;