[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Re: gnutls 1.2.6 and Mozilla Firefox compatibility pro
Re: [Help-gnutls] Re: gnutls 1.2.6 and Mozilla Firefox compatibility problem
Sat, 10 Sep 2005 19:03:51 +0200
On Saturday 10 September 2005 18:53, Nikos Mavrogiannopoulos wrote:
> > My personal preference is to rely on /dev/*random for randomness. If
> > that isn't sufficient for someone, she can always point GnuTLS to
> > another device (or even file socket) and have full control without
> > bogging down the gnutls library.
> The file sockets seem like a good idea. We could still keep the libgcrypt
> PRNG, but it could run on a separate process (forked at global_init), and
> the communication would be via local sockets. I don't know how good it
> sounds... but it looks thread and fork safe.
> It also sound like a lot of work.
On second thought... Libgcrypt itself calls the PRNG internally, thus we
cannot avoid say each thread or process having it's own PRNG.
The only way to solve this is drop libgcrypt support, for some other library,
or use a custom-made libgcrypt.