[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal and OpenSSL


On Thu, Jan 04, 2001 at 07:04:55PM -0600, Jacques A. Vidrine wrote:

> No questions?  This is where you got lost.  My changes do not make
> OpenSSL part of Heimdal, nor do they make Heimdal require OpenSSL.

1. If OpenSSL is not installed, then Heimdal 0.3d can be built with or
   without your modifications.
2. If OpenSSL _is_ installed, Heimdal 0.3d _cannot_ be built either with
   or without your modifications.

If you do not beleive it, _please_ try it on AIX, or on Solaris. Maybe if
you see it yourself you will beleive it.

Your modifications are basically not wrong, they are simply not enough.


> > 4. [apply the patch sent to the list before to fix the "-rpath -L no" bug]
> This has nothing to do with me.  I don't even know what this is about.

It was posted to this list not so long ago.


> Besides, if OpenSSL has a crappy PRNG on some platforms, that has
> little to do with Heimdal.  Supply your patches to the OpenSSL folks.

There is nothing wrong with the PRNG in OpenSSL. You just need to know
how it works. The basic thing: you cannot get random data from thin air,
you need to initially seed the RNG somehow. In some cases OpenSSL does
this for you; in other cases you must do it explicitly.


Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary