Home Original page

SSL still broken on Solaris ?

Jeremy Hylton jeremy at alum.mit.edu
Thu May 2 10:40:35 EDT 2002 
bredel at gol.com (Philippe Bredel) wrote in message news:<d1e3ecad.0205011702.8e5acb4 at posting.google.com>...
> Hi,
> 
>   A few months ago I was looking at SSL support in Python and decided
> to go back to this project yesterday. I was rather surprised to
> discover that socketmodule.c still doesn't call RAND_seed() despite
> the fact that the issue had been mentionned in earlier posts.

The module doesn't call or expose RAND_seed(), but it does expose
RAND_add().  You can call it explicitly in your application.  It's not
possible for the module to call RAND_add() or RAND_seed() for you,
because it doesn't have any source of randomness available.

>   I was initially using 1.5.2 on SunOS5.6, assumed it had been fixed
> so downloaded 2.2.1, recompiled w/ SSL support (I'm using openssl
> 0.9.6) and kept on getting the famous PRNG not seeded error message. I
> eventually found a post from Dave Beazley with his fix but the whole
> process was really painful.
>   There's a usable /dev/random file on my box but I just made a
> "dirty" recompile using a fixed seed to make sure it was fixing the
> problem.
>   Any plans to address this issue in the upcoming releases ? Thanks.

I don't want Python to learn how to find sources of randomness and
load them.  I believe that future versions of OpenSSL will be better
about this kind of initialization; that's the right place for it to
happen.  OpenSSL already does the right thing on some platforms. 
Until it does the right thing on your platform, the RAND_add() call
should work.

Note that I haven't tested this on Solaris, so I'm not sure.  If you
try to use RAND_add() and it still doesn't work, please submit a bug
report.

Jeremy
More information about the Python-list mailing list