From b534dfbf3b18f9ac9c104a5dcd06d80ecd6dc485 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Beh=C3=BAn?=
Date: Tue, 17 Nov 2015 18:19:23 +0100
Subject: [PATCH] Remove support for RAND_egd
The EGD daemon has not seen a release since 13 years which for cryptographic software is not an acceptable timeframe. LibreSSL has dropped support for RAND_egd. Also see http://bugzilla.elinks.cz/show_bug.cgi?id=1146
Signed-off-by: Marek Behun
---
 src/network/ssl/ssl.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 693ac37..70c4744 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -80,15 +80,8 @@ init_openssl(struct module *module)
 {
 unsigned char f_randfile[PATH_MAX];
 
- /* In a nutshell, on OS's without a /dev/urandom, the OpenSSL library
- * cannot initialize the PRNG and so every attempt to use SSL fails.
- * It's actually an OpenSSL FAQ, and according to them, it's up to the
- * application coders to seed the RNG. -- William Yodlowsky */
- if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) < 0) {
- /* Not an EGD, so read and write to it */
- if (RAND_load_file(f_randfile, -1))
- RAND_write_file(f_randfile);
- }
+ if (RAND_load_file(f_randfile, -1))
+ RAND_write_file(f_randfile);
 
 SSLeay_add_ssl_algorithms();
 context = SSL_CTX_new(SSLv23_client_method());
-- 
2.4.10
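Review bot: `f_randfile` is never filled in on the new side, so the added `RAND_load_file(f_randfile, -1)` and `RAND_write_file(f_randfile)` receive an uninitialized stack buffer as the seed-file path. In the removed code the buffer was populated by `RAND_file_name(f_randfile, sizeof(f_randfile))`, which was evaluated as the argument to `RAND_egd`; dropping the EGD call dropped that side effect too. With indeterminate contents the load will most likely fail, and if it does not, the write goes to whatever path the stack bytes happen to spell. Keep the path lookup and guard on its result: `if (RAND_file_name(f_randfile, sizeof(f_randfile)) && RAND_load_file(f_randfile, -1))` followed by the existing `RAND_write_file(f_randfile);`. The body of `init_openssl` continues past the end of the hunk, so any later use of `f_randfile` is not visible here.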