From e9bfc255811256f138f9787fcc9b094df1656049 Mon Sep 17 00:00:00 2001 From: Lukas Tribus Date: Fri, 2 Feb 2024 17:33:08 +0000 Subject: [PATCH] DOC: install: clarify WolfSSL chroot requirements --- INSTALL | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/INSTALL b/INSTALL index 18eb67f31..8ebf8d298 100644 --- a/INSTALL +++ b/INSTALL @@ -293,6 +293,18 @@ Please also note that wolfSSL supports many platform-specific features that may affect performance, and that for production uses it might be a good idea to check them using "./configure --help". Please refer to the lib's documentation. +When running wolfSSL in chroot, either mount /dev/[u]random devices into the +chroot: + + $ mkdir -p /path/to/chrootdir/dev/ + $ mknod -m 444 /path/to/chrootdir/dev/random c 1 8 + $ mknod -m 444 /path/to/chrootdir/dev/urandom c 1 9 + +Or, if your OS supports it, enable the getrandom() syscall by appending the +following argument to the wolfSSL configure command: + + EXTRA_CFLAGS=-DWOLFSSL_GETRANDOM=1 + Building HAProxy with wolfSSL requires to specify the API variant on the "make" command line, for example: