Re: GnuTLS -- certtool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Joe Orton wrote:
> On Tue, Mar 25, 2008 at 09:49:20PM -0600, Jonathan Steffan wrote:
>> Thanks Jeff. This seems to have helped some. What are we supposed to do
>> about a rpm package that needs to generate keys in %post? Just hope
>> users are patient enough?
> 
> Use something which does not consume the /dev/random entropy pool; I 
> can't see a way to make GnuTLS certtool do that, but /usr/bin/openssl 
> can.  The mod_ssl %post does:
> 
> %{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{sslkey} 2> /dev/null
> 
> I've been meaning to split this out into a script since the dummy 
> keypair generation is copied and pasted into several places.  The list 
> of /proc files probably needs updating too.
> 
> What package are you working on here?

mod_gnutls

http://jsteffan.fedorapeople.org/SRPMS/mod_gnutls-0.2.0-2.fc8.src.rpm

The SELinux stuff still remains, and I've come to find out that
mod_gnutls is not playing nice with mod_proxy, so I might not even end
up using mod_gnutls.

-- 
Jonathan Steffan
daMaestro
Fedora Unity - http://fedoraunity.org/
GPG Fingerprint: 93A2 3E2F DC26 5570 3472 5B16 AD12 6CE7 0D86 AF59

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux