prng no seeded

Fri, 3 Mar 2000 09:25:22 -0800 

Hi folks:

  I seen a lot of discussion about "PRNG not seeded" error message in
this discussion board but no one have really explain (in detail) how to
fix this.  Compilation for OpenSSL 0.9.5 is a breeze and I'm able to run 
the program in the test directory successfully without any problem.

  Now I'm a little confuse about the context of RAND_* in FAQ #6.  I installed
both EGD as well as librand but I am still getting the random number generator 
has not been seeded error.  Can someone explain more about how this actually 
works?  I did the following after I have successfully compile openssl 0.9.5

% openssl s_client connect www.openssl.org:443

and I got the following error:

unable to load 'random state'
This means that the random number generator has not been seeded 
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
CONNECTED(00000004)
depth=0 /C=DE/ST=Bavaria/L=Munich/O=Ralf S. Engelschall/OU=Security Services 
Division/CN=www.engelschall.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=Bavaria/L=Munich/O=Ralf S. Engelschall/OU=Security Services 
Division/CN=www.engelschall.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=Bavaria/L=Munich/O=Ralf S. Engelschall/OU=Security Services 
Division/CN=www.engelschall.com
verify error:num=21:unable to verify the first certificate
verify return:1
20013:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng not 
seeded:md_rand.c:470:
20013:error:05067003:Diffie-Hellman routines:DH_generate_key:BN lib:dh_key.c:148:
20013:error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:bad asn1 object 
header:s3_clnt.c:1403:

The FAQ refer that some broken application is broken and do not call the
RAND_add() or RAND_seed() function.  What application is this refering
to?  Are we talking about the webserver or the openssl app is broken?

-KHY

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to