View Issue Details

IDProjectCategoryView StatusLast Update
0000835OXID eShop (all versions)1. ----- eShop frontend -----public2012-12-10 14:37
Reportermarco_steinhaeuser Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.1.1 revision 18442 
Fixed in Version4.1.6 revision 22740 
Summary0000835: define a fallback if /dev/urandom doesn't exist
DescriptionOn some servers, you get an error message logging into openID:

Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator. in /var/www/vhosts/demo.shirtnetwork.de/httpdocs/oxid/die-shirttuner/core/openid/Auth/OpenID/CryptUtil.php on line 52

Define a fallback to use a different method. The solution is here:
http://www.oxid-esales.com/de/resources/forum/allgemeines/fatal-error-define-auth-openid-rand-source-null-continue-insecure-random
TagsNo tags attached.
Theme
BrowserAll
PHP Version5.2.6
Database Version5.0.33

Activities

arvydas_vapsva

2009-08-24 14:47

reporter   ~0001498

fixed problem and added possibility to define custom path:

    if ( !defined('Auth_OpenID_RAND_SOURCE') ) {
        if ( $sRandSource = oxConfig::getInstance()->getConfigParam( 'sAuthOpenIdRandSource' ) ) {
            define( 'Auth_OpenID_RAND_SOURCE', $sRandSource );
        } elseif ( PHP_OS == 'WINNT' || ( @fopen( '/dev/urandom', 'r' ) === false ) ) {
            /**
             * in case shop runs on windows or other system, which does not have '/dev/urandom'
             */
            define( 'Auth_OpenID_RAND_SOURCE', null );
        }
    }

arvydas_vapsva

2009-08-24 14:48

reporter   ~0001499

Last edited: 2009-08-24 14:48

To define 'Auth_OpenID_RAND_SOURCE' (filename for a source of random bytes) add parameter to config.inc.php file:

    $this->sAuthOpenIdRandSource = '/dev/urandom';

Set this field and its value according to your server configuration.