> From [EMAIL PROTECTED] Fri Mar 17 19:49 MET 2000
> Date: Fri, 17 Mar 2000 11:44:07 +0100 (MET)
> From: david manye <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: SOLARIS 2.6
>
> On Fri, 17 Mar 2000, jessie wrote:
>
> >
> > I reinstalled Solaris 2.6
> > and now i'm trying to install apache 1.3.12 with SSL module.
> > I was able to compile openSSL 0.9.5 with just the default settings.
> > I ran make test on my compilation and everything worked ....
> > I then applied the mod_ssl 2.6.1 patches to the apache source tree ...
> > again no errors
> > I then configured the apach source using
> >
> > SSL_BASE=../openssl0.9.5 \
> > ./configure \
> > --enable-module=ssl \
> > --prefix=/usr/local/apache
> >
> > everything worked ... i then ran make and everything compiled
> > now i wanted to build test certificates so i ran
> > make certificates
> > then i just used all the defaults and then it asked me to enter a
> > passphrase
> > to encrypt the private key .. I entered 'test' twice then i got an
> > ERROR message:
> >
> > unable to write key
> > 26918:error:24064064:random number generator:SSLEAY_RAND_BYTES:
> > prng not seeded:md_rand.c:470:
> > mkcert.sh:Error: Failed to encrypt RSA private key
> >
> > can anyone help me?
>
> i got an error like this in a solaris 2.7+apache-1.3.12 when i configured
> openssl-0.9.5 as solaris-sparcv9-gcc.
>
> i changed that with solaris-sparcv7-gcc and it works fine.
>
> --------------------------------------
>
> david many� i robert
> departament d'enginyeria inform�tica i matem�tiques
> universitat rovira i virgili
> autovia de salou, s/n
> 43006 tarragona
>
> tel.: 977-559706
> e-mail: [EMAIL PROTECTED]
>
Acording to the FAQ #6 the solution is try a later snaphost.
What is the reason why it works with solaris-sparcv7-gcc ?
Why do I get a "PRNG not seeded" error message?
Cryptographic software needs a source of unpredictable data
to work correctly. Many open source operating systems
provide a "randomness device" that serves this purpose. On
other systems, applications have to call the RAND_add() or
RAND_seed() function with appropriate data before
generating keys or performing public key encryption.
Some broken applications do not do this. As of version
0.9.5, the OpenSSL functions that need randomness report an
error if the random number generator has not been seeded
with at least 128 bits of randomness. If this error occurs,
please contact the author of the application you are using.
It is likely that it never worked correctly. OpenSSL 0.9.5
makes the error visible by refusing to perform potentially
insecure encryption.
Most components of the openssl command line tool try to use
the file $HOME/.rnd (or $RANDFILE, if this environment
variable is set) for seeding the PRNG. If this file does
not exist or is too short, the "PRNG not seeded" error
message may occur. Note that the command "openssl rsa" in
OpenSSL 0.9.5 does not do this and will fail on systems
without /dev/urandom when trying to password-encrypt an RSA
key! This is a bug in the library; try a later snaphost
instead.
____________________________________________________________________________
Benito Mourelo Caldeiro CENTRO DE CALCULO. FACULTADE DE INFORMATICA
e-mail: [EMAIL PROTECTED] UNIVERSIDAD DE A CORUN~A (SPAIN, EU)
____________________________________________________________________________
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
