httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jerenkra...@ebuilt.com>
Subject Re: cvs commit: httpd-test/flood config.h.in configure.in flood_net_ssl.c
Date Mon, 06 Aug 2001 23:56:52 GMT
On Mon, Aug 06, 2001 at 04:21:33PM -0700, Aaron Bannert wrote:
> On Mon, Aug 06, 2001 at 11:16:43PM -0000, jerenkrantz@apache.org wrote:
> > jerenkrantz    01/08/06 16:16:43
> > 
> >   Modified:    flood    config.h.in configure.in flood_net_ssl.c
> >   Log:
> >   Add OpenSSL locking routines (doesn't seem to be used, but they say you
> >   should have it - okay...)
> >   
> >   Update configure to have randfile (/tmp/.rnd) and cafile (/tmp/certs.pem)
> >   to pass to OpenSSL.  These files must exist (and be valid) or OpenSSL is
> >   going to throw a hissy fit.  Also, use OpenSSL 0.9.6b by default.
> 
> On new flood installs, will these files have to be created? What are their
> contents? If we're going to be this unportable, I'm going to start using
> pthread_ calls ;)

Go blame OpenSSL.  They require these two files.  

/tmp/.rnd must be ~1024 bits of random data (some platforms don't need
it, but Solaris does).
/tmp/certs.pem must be all valid CAs that you are willing to accept.

This is slightly better than having it rely on either:
1) Constants in the flood_net_ssl.c file (RANDFILE was before)
2) Constants in the OpenSSL code (CAFILE was before)

If you don't like the paths I specified, go change it at configure 
time.  =-)  -- justin


Mime
View raw message