[gnutls-dev] set random seed file via gnutls api
Simon Josefsson
simon at josefsson.org
Fri Apr 27 14:00:05 CEST 2007
"Peter O'Gorman" <gnutls-dev at mlists.thewrittenword.com> writes:
> Hi,
> We built curl with gnutls support. It works fine, with a caveat:
> % curl --version --random-file /tmp/pogma/foo/a
> Fatal: no entropy gathering module detected
>
> There is no API in gnutls to set the random seed file (there is an api
> in libgcrypt to do so, however). It is unfortunate that on hosts
> without a /dev/random where libgcrypt has been configured to gather
> entropy from a particular socket and that socket is unavailable that
> it exits the application during gnutls library initialization.
Ouch, yes.
> Should curl be using the libgcrypt api directly to avoid this? Or
> ought there be a way to set the random file via gnutls? We're thinking
> the latter.
Yes, if libgcrypt used by GnuTLS needs help to find a random seed file
to work properly, it seems it would make sense for GnuTLS to provide an
API to set it.
/Simon
More information about the Gnutls-devel
mailing list