Re: mod_ssl: Init: Failed to generate temporary 512 bit RSA private key
Paul wrote: Hi, all. I've been trying to add a couple of modules to my Apache, and just can't seem to get it to do it's thing. Forgive me if I tell you too much, but I'm just trying to be thorough. STEP 1: === perl Makefile.PL USE_APACI=1 USE_DSO=0 EVERYTHING=1 \ DO_HTTPD=1 SSL_BASE=/usr/local/ssl \ APACHE_SRC=../apache_1.3.12/src\ APACI_ARGS=--enable-module=ssl,--enable-module=auth_dbm,--enable-modul e=info,--enable-module=rewrite,--enable-module=usertrack This runs smoothly. STEP 2: make This, too, runs smoothly. == STEP 3: make test Here's the problem. It runs fine till t/TEST tries to spawn a server and hit it. The server fails at init because it can't generate a temporary 512 bit RSA private key. I've moved to the apache directory and run "make certificate" before the "make test", but it doesn't help. If I'm not mistaken, I had this problem when I was first installing the server, and ended up skipping the test. It installed and has been working fine. I'd just rather have a clean test before I try installing and using the new binary now that it's in production. Anybody got a suggestion? Recent versions of mod_ssl compiled for HPUX require an equivalent to Linux's /dev/random. You can get this by downloading and installing an Entropy Gathering Daemon (egd), which can be found at: http://www.lothar.com/tech/crypto/ I ran into the same problem last month upgrading my team's website, until trawling through various mailing list archives pointed me to egd. If 10.20 is anything like 11.x, this should get you through "make test" with flying colors. Apologies for being sort of off-topic here... Ges Senior Perl Hacker Ingenium Corporation
Re: mod_ssl: Init: Failed to generate temporary 512 bit RSA private key
--- Ges Seger [EMAIL PROTECTED] wrote: Paul wrote: Hi, all. I've been trying to add a couple of modules to my Apache, and just can't seem to get it to do it's thing. Forgive me if I tell you too much, but I'm just trying to be thorough. STEP 1: === perl Makefile.PL USE_APACI=1 USE_DSO=0 EVERYTHING=1 \ DO_HTTPD=1 SSL_BASE=/usr/local/ssl \ APACHE_SRC=../apache_1.3.12/src\ APACI_ARGS=--enable-module=ssl,--enable-module=auth_dbm,--enable-modul e=info,--enable-module=rewrite,--enable-module=usertrack This runs smoothly. STEP 2: make This, too, runs smoothly. == STEP 3: make test Here's the problem. It runs fine till t/TEST tries to spawn a server and hit it. The server fails at init because it can't generate a temporary 512 bit RSA private key. I've moved to the apache directory and run "make certificate" before the "make test", but it doesn't help. If I'm not mistaken, I had this problem when I was first installing the server, and ended up skipping the test. It installed and has been working fine. I'd just rather have a clean test before I try installing and using the new binary now that it's in production. Anybody got a suggestion? Recent versions of mod_ssl compiled for HPUX require an equivalent to Linux's /dev/random. You can get this by downloading and installing an Entropy Gathering Daemon (egd), which can be found at: http://www.lothar.com/tech/crypto/ I ran into the same problem last month upgrading my team's website, until trawling through various mailing list archives pointed me to egd. If 10.20 is anything like 11.x, this should get you through "make test" with flying colors. Apologies for being sort of off-topic here... Ges Senior Perl Hacker Ingenium Corporation EGD is great -- thanks for the suggestion -- but the "make test" is still no go. The OpenSSL manpage for RAND_egd (to which egd.pl docs pointed me) says if the socket is /dev/egd-pool it'll use it automatically, but it's a no-go so far. I'm at wit's end. Could it be something in the test httpd.conf? As a test I backed up the old httpd and replaced it with the new one, and it seems to be working fine. All that took less than a minute, and we're a small enough server that it was a tolerable interruption even if it hadn't worked, but I'd still like to do the install, just to update everything. Is that safe? What else does it change? __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
[OT] make test fail [WAS mod_ssl: Init: Failed to generate temporary 512 bit RSA private key]
--- Lutz Jaenicke [EMAIL PROTECTED] wrote: On Fri, Feb 09, 2001 at 01:04:51PM -0800, Paul wrote: EGD is great -- thanks for the suggestion -- but the "make test" is still no go. The OpenSSL manpage for RAND_egd (to which egd.pl docs pointed me) says if the socket is /dev/egd-pool it'll use it automatically, but it's a no-go so far. The automatic usage is brand new and only included in the version to become 0.9.7 one fine day. If you have =0.9.6 you have to explicitly specify the place in httpd.conf SSLRandomSeed startup egd:/var/run/egd-pool First, that was exactly the problem. May you and all who contributed to its resolution receive skillfully rendered the prurient favors you prefer most from the individual(s) of your choosing. Now, I have a slightly different point of confusion. The "make test" still fails, but leaves the spawned httpd running on the test port. The error log says: [notice] Destruction-DESTROY called for $global_object [Fri Feb 9 16:29:43 2001] [warn] [notice] child_init for process 23323, report any problems to [no address given] But if I hit the port with a browser I can pull the test.shtml page with all the SSI mod_perl calls working fine. I feel a lot better about doing the install now, but I still want to know what the problem is here. FYI, there was an suexec problem before, but I think that's just because this box doesn't have a user "nobody". I edited the test httpd.conf to run as our actual server id and it was happy, at least for that. It's just that I keep coming back to various suexec problems But since the current server runs and suexec's as it should, I'm not too worried about that. I just hate leaving *any* loose ends. _ On a seperate note, the main reason I was doing the recompile was to add in mod_auth_dbm. I finally got a test directory to do a simple request for authentication by ID/password, but now I can't get it to accept my password. I built the file with Apache's dbmmanage, importing a list of id/passwords from a script which used a perl crypt() to encrypt the passwords as it fed them to dbmmanage via pipe in the specified "id:encpwd" format. Everything seems to have gone smoothly enough, but it won't accept the password. What now? :o/ The .htaccess file is: === AuthDBMUserFile /dart10/web/docs/public/test/test AuthType Basic AuthName "password test site" Require valid-user === The DBM is in the directory I'm accessing, just as a test. *sigh* __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
mod_ssl: Init: Failed to generate temporary 512 bit RSA private key
Hi, all. I've been trying to add a couple of modules to my Apache, and just can't seem to get it to do it's thing. Forgive me if I tell you too much, but I'm just trying to be thorough. STEP 1: === perl Makefile.PL USE_APACI=1 USE_DSO=0 EVERYTHING=1 \ DO_HTTPD=1 SSL_BASE=/usr/local/ssl \ APACHE_SRC=../apache_1.3.12/src\ APACI_ARGS=--enable-module=ssl,--enable-module=auth_dbm,--enable-modul e=info,--enable-module=rewrite,--enable-module=usertrack This runs smoothly. STEP 2: make This, too, runs smoothly. == STEP 3: make test Here's the problem. It runs fine till t/TEST tries to spawn a server and hit it. The server fails at init because it can't generate a temporary 512 bit RSA private key. I've moved to the apache directory and run "make certificate" before the "make test", but it doesn't help. If I'm not mistaken, I had this problem when I was first installing the server, and ended up skipping the test. It installed and has been working fine. I'd just rather have a clean test before I try installing and using the new binary now that it's in production. Anybody got a suggestion? [ROOT] /dart26/mod_perl-1.23: uname -a HP-UX uap5 B.10.20 C 9000/891 373319211 32-user license [ROOT] /dart26/mod_perl-1.23: ../apache_1.3.12/src/httpd -V Server version: Apache/1.3.12 (Unix) Server built: Feb 8 2001 16:04:39 Server's Module Magic Number: 19990320:7 Server compiled with -D EAPI -D HAVE_SHMGET -D USE_SHMGET_SCOREBOARD -D USE_FCNTL_SERIALIZED_ACCEPT -D HTTPD_ROOT="/usr/local/apache" -D SUEXEC_BIN="/usr/local/apache/bin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard" -D DEFAULT_LOCKFILE="logs/httpd.lock" -D DEFAULT_XFERLOG="logs/access_log" -D DEFAULT_ERRORLOG="logs/error_log" -D TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" -D ACCESS_CONFIG_FILE="conf/access.conf" -D RESOURCE_CONFIG_FILE="conf/srm.conf" [ROOT] /dart26/mod_perl-1.23: ../apache_1.3.12/src/httpd -l Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_info.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_auth_dbm.c mod_usertrack.c mod_setenvif.c mod_ssl.c mod_perl.c suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec (Also, anybody got an idea why this suexec message? is it something to worry about?) __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/