diff --git a/doc/ChangeLog b/doc/ChangeLog index b64426e2..c2fa84c0 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2005-04-27 Hrvoje Niksic + + * wget.texi (HTTPS (SSL/TLS) Options): Document --random-file. + 2005-04-27 Hrvoje Niksic * wget.texi: Improve wording of command descriptions. diff --git a/doc/wget.texi b/doc/wget.texi index 940cecff..671310c0 100644 --- a/doc/wget.texi +++ b/doc/wget.texi @@ -1385,6 +1385,24 @@ it allows Wget to fetch certificates on demand. Without this option Wget looks for CA certificates at the system-specified locations, chosen at OpenSSL installation time. +@cindex entropy, specifying source of +@cindex randomness, specifying source of +@item --random-file=@var{file} +Use @var{file} as the source of random data for seeding the +pseudo-random number generator on systems without @file{/dev/random}. + +On such systems the SSL library needs an external source of randomness +to initialize. Randomness may be provided by EGD (see +@samp{--egd-file} below) or read from an external source specified by +the user. If this option is not specified, Wget looks for random data +in @code{$RANDFILE} or, if that is unset, in @file{$HOME/.rnd}. If +none of those are available, it is likely that SSL encryption will not +be usable. + +If you're getting the ``Could not seed OpenSSL PRNG; disabling SSL.'' +error, you should provide random data using some of the methods +described above. + @cindex EGD @item --egd-file=@var{file} Use @var{file} as the EGD socket. EGD stands for @dfn{Entropy @@ -2695,6 +2713,10 @@ mbytes (@samp{m} appended). Thus @samp{quota = 5m} will set the quota to 5 megabytes. Note that the user's startup file overrides system settings. +@item random_file = @var{file} +Use @var{file} as a source of randomness on systems lacking +@file{/dev/random}. + @item read_timeout = @var{n} Set the read (and write) timeout---the same as @samp{--read-timeout=@var{n}}.