[Dovecot] Dovecot, Fedora, SSL
Timo Sirainen
tss at iki.fi
Mon May 10 22:17:51 EEST 2004
On Mon, 2004-05-10 at 21:23, Benjamin J. Weiss wrote:
> Thanks, but I received an email pointing out an SSL problem with Fedora and
> dovecot:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=115284
Well, I finally looked at what Fedora's OpenSSL package looks like. It
has at least this patch which doesn't work if Dovecot is chrooted. I'm
not really sure when ICA is really called though.
Actually there's a bug in that patch, if open() fails rfd = -1. The
check should be if (rfd == -1), not if (rfd).
Maybe it would work with that fix? Anyone want to try?
--- openssl-0.9.7a/libica-1.3.5/src/prand.c.urandom 2003-07-10 16:09:35.000000000 -0400
+++ openssl-0.9.7a/libica-1.3.5/src/prand.c 2003-10-24 01:59:53.000000000 -0400
@@ -421,11 +421,26 @@
*/
+ /*
+ ** Change 10/24/03 PK: Use /dev/urandom instead.
+ */
static unsigned char get_byte(u_int32 *array5, int current_byte)
{
-
u_int32 val;
+ static int rfd = 0; /* File descriptor to /dev/urandom */
+ unsigned char retval;
+
+ if (!rfd) {
+ rfd = open("/dev/urandom", O_RDONLY);
+ }
+
+ /* If we have a valid fd for /dev/urandom then use it */
+ if (rfd) {
+ read(rfd, &retval, 1);
+ return retval;
+ }
+ /* Otherwise use the old pseudo random number generator */
val = *(array5 + current_byte/4);
current_byte %= 4;
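Review bot: The `if (rfd)` test in front of `read(rfd, &retval, 1)` is also true when open() failed and left rfd at -1, and the return value of read() is never checked, so in that case get_byte() returns an uninitialized retval and the fallback to the old pseudo random number generator is never reached. Using 0 as the "not opened yet" sentinel in `static int rfd = 0` has a second problem: 0 is itself a valid descriptor, and after a failed open() the `if (!rfd)` guard never retries. Suggest initialising rfd to -1, opening when `rfd == -1`, taking the /dev/urandom path only when `rfd >= 0` and `read(rfd, &retval, 1) == 1`, and otherwise falling through to the old generator.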