Ben Sandee wrote:
> Hello Lutz and thank you for your informed response.
>
> Unfortunately I don't know exactly which version of prngd was being
> used because I'm not the first-tier responder for this issue. What
> I'm doing is preparing a portfolio of information so that we can
> analyze exactly what may have happened and how we can prevent it in
> the future.
>


From the ChangeLog of prngd it seems that hangs have been experienced
with Solaris with versions before 0.9.28 and delays in replies to queries
could occur with versions before 0.9.27. (The latest version 0.9.29 is
from July 2004 and details slowly vanish from my memory...)

> It is immensely helpful that you have explained the actual behavior of
> OpenSSL's EGD reading because it confirms that prngd was likely
> behaving unexpectedly on that particular configuration.
>
> In answer to your question about timeouts, given that the reads are
> usually on the order of 30-40 bytes, a timeout of a few seconds
> (five?) should be sufficient to allow even the most heavily-loaded
> system to respond. If prngd isn't responding in that timeframe then
> there is probably something else wrong. That said, the specific
> timeout value isn't important to me as long as a timeout does occur at
> some point so that our process continues and we can issue a reasonable
> diagnostic message.
>


I will think about it.

> For what it's worth, I had investigated setting blocking socket
> timeout recv/snd options but these don't seem to be supported on some
> (all?) platforms for UNIX Domain Sockets.
>


Yes. Hence the correct solution would be non-blocking with select()...

Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org