cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[ curl-Bugs-3140533 ] RAND_screen used in static libcurl_a.lib (PHP) on windows

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Thu, 23 Dec 2010 13:39:27 +0000

Bugs item #3140533, was opened at 2010-12-20 07:54
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3140533&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: portability problem
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Tanguy Pruvot (tpruvot)
Assigned to: Daniel Stenberg (bagder)
Summary: RAND_screen used in static libcurl_a.lib (PHP) on windows

Initial Comment:
Since some time, PHP init hangs some seconds on php_curl module init...

I've made some research and in fact the problem is in the static libcurl_a.lib for VC6 x86

On the init, there is some code which use RAND_screen of libeay32 to generate some random bytes used for SSL

please read http://bugs.php.net/bug.php?id=53578

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2010-12-23 14:39

Message:
Further discussions have revealed to me that the function call was not
necessary anymore and it has now been removed and the change has been
committed to git.

Thanks, case closed!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-12-20 10:25

Message:
This is not a bug, this is by design.

When using SSL we need a very strong random source, and on Windows we have
very little means to get such a one AFAIK. So OpenSSL provides an option
that uses the current screen, or whatever it is, to feed the PRNG to get a
good random.

If you have a solid and good alternative to that function call, then by
all means tell us and we can use that instead. But be aware that SSL
security rely on this to be good, Init speed is less important than a good
random as far as I'm concerned.

----------------------------------------------------------------------

Comment By: Tanguy Pruvot (tpruvot)
Date: 2010-12-20 07:58

Message:
Used this lib (7.20)
http://pecl2.php.net/downloads/php-windows-builds/php-libs/VC6/x86/

but seems the same with all last versions

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3140533&group_id=976
Received on 2010-12-23

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET