Re: problem using s_client on hpux

Wed, 15 Nov 2000 17:12:40 -0800 

Dean Guenther wrote:
> 
> 
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> CONNECTED(00000003)
> depth=0 /C=US/ST=Washington/L=Pullman/O=Washington State University/OU=Information 
>Technology/OU=Terms of use at www.verisign.com/RPA (c)99/CN=www.dceweb.it.wsu.edu
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /C=US/ST=Washington/L=Pullman/O=Washington State University/OU=Information 
>Technology/OU=Terms of use at www.verisign.com/RPA (c)99/CN=www.dceweb.it.wsu.edu
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /C=US/ST=Washington/L=Pullman/O=Washington State University/OU=Information 
>Technology/OU=Terms of use at www.verisign.com/RPA (c)99/CN=www.dceweb.it.wsu.edu
> verify error:num=21:unable to verify the first certificate
> verify return:1
> 24293:error:24064064:random number
> generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:474:You need to read the 
>OpenSSL FAQ, http://www.openssl.org/support/faq.html
> 
> I read the FAQ and documentation on verify, but I can't
> figure out from the documentation how to fix the certificate
> problem. 

The PRNG not seeded is the fatal error that's causing this to fail.

The certificate problem is a warning, you may well be getting it on
Linux too. You can get rid of it by including the path to you 'certs'
directory with the -CApath option unless the server uses a nonstandard
CA.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to