On Sun, Nov 9, 2008 at 4:06 PM, David Schwartz <[EMAIL PROTECTED]> wrote:

>
> >> So what do you want to do if you run out of entropy?
>
> > Fail with an error condition stating that, rather than
> > the indeterminate hang in read() that was experienced.
>
> I believe you need to compile with EGD support then. This will get you the
> behavior you want. EGD provides no way to tell whether there's entropy or
> not, so if you fall back to it, and it has no entropy, you will be in
> trouble.
>
> There really is no way to fix this in OpenSSL. If you make it really not
> block, it will never succeed. It is meaningless to query a daemon without
> blocking -- at some point you must wait for the daemon to reply.
>

I'm thinking that you meant compile *without* EGD support?  OK, fair
enough.  We will probably rip out the default EGD support for our builds.
It's only rarely used, and probably more trouble than it's worth to us.

Thanks go to both you and Kyle for your continued discussion and analysis of
this matter.

Ben
