handling entropy source failure [change request]

i'm running Apache/mod_ssl on platforms (HP-UX, Solaris) that don't come
with a good entropy source so i've configured mod_ssl to use PRNGD as the
entropy source. i've noticed that mod_ssl does not care whether input from
the configured entropy sources (SSLRandomSeed) succeeds. i think that this
can be a problem as the Apache administrator has no way of knowing whether
the configured entropy sources are actually used or not.

IMHO the default in the 'startup' context should be to exit with an error
exit status if an entropy source fails. a more backwards compatible option
might be to keep the current behaviour but add a new directive for
selecting the entropy source failure behaviour ('SSLRandomSeedFailOnError
on|off'). if an entropy source failure is detected in the 'connect'
context an error message should be printed in error_log.

best regards,
--
aspa http://www.kronodoc.fi/

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org