[gnutls-dev] set random seed file via gnutls api

Simon Josefsson simon at josefsson.org
Fri Apr 27 14:00:05 CEST 2007


"Peter O'Gorman" <gnutls-dev at mlists.thewrittenword.com> writes:

> Hi,
> We built curl with gnutls support. It works fine, with a caveat:
> % curl --version --random-file /tmp/pogma/foo/a
> Fatal: no entropy gathering module detected
>
> There is no API in gnutls to set the random seed file (there is an API
> in libgcrypt to do so, however). It is unfortunate that on hosts
> without a /dev/random where libgcrypt has been configured to gather
> entropy from a particular socket and that socket is unavailable that
> it exits the application during gnutls library initialization.

Ouch, yes.

> Should curl be using the libgcrypt api directly to avoid this? Or
> ought there be a way to set the random file via gnutls? We're thinking
> the latter.

Yes, if libgcrypt used by GnuTLS needs help to find a random seed file
to work properly, it seems it would make sense for GnuTLS to provide an
API to set it.

/Simon



