From 2b7c1b2b148ecd01880f60b5a4f7425bb7df07c9 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <stsp@apache.org>
Date: Wed, 22 Apr 2015 16:39:20 +0000
Subject: [PATCH] mod_ssl: Make the config parser complain if SSLRandomSeed
 specifies the Entropy Gathering Daemon (EGD) as source while the underlying
 SSL library does not support EGD (e.g. in case of LibreSSL).

Suggested and reviewed by: kbrand


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1675410 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_config.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index cabe29ed90..7af7b907c4 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -574,8 +574,15 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd,
         seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
     }
     else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) {
+#ifdef HAVE_RAND_EGD
         seed->nSrc   = SSL_RSSRC_EGD;
         seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4);
+#else
+        return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `",
+                           arg2, "': This version of " MODSSL_LIBRARY_NAME
+                           " does not support the Entropy Gathering Daemon "
+                           "(EGD).", NULL);
+#endif
     }
     else if (strcEQ(arg2, "builtin")) {
         seed->nSrc   = SSL_RSSRC_BUILTIN;
-- 
2.40.0