RE: Openssl issue

2018-11-08 Thread Stewart, Larry C Sr CTR DISA JT (USA) 
Please disregard apparently Openssl does not see the /dev/random in my chroot 
directory as a valid random provider. So its off to google and oracle to see 
what it will take to make a valid /dev/random available from within the jail. 

Larry Stewart, CISSP
Contractor - Jacobs Technology
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil


-Original Message-
From: Stewart, Larry C Sr CTR DISA JT (USA) 
Sent: Thursday, November 8, 2018 11:12 AM
To: bind-users 
Subject: Openssl issue

I am running Solaris 10 and I downloaded bind 9.12.3 today and compiled it 
using the enable threads option, the prefix=/ option and the --without-gost 
option just as I have in the past when compiling 9.10. The compilation seems to 
go well but when I run named with -t /nithr -u nithr named fails to start and I 
get daemon.crit openssl_link.c:296: fatal error:and Openssl pseudorandom number 
generator cannot be initialized (see the 'PRNG not seeded message in the 
Openssl FAQ). Then exiting (due to fatal error in library).

My chrooted directory does contain /dev/random

Does anyone have any suggestions on how to overcome this issue?

Larry Stewart, CISSP
Contractor - Jacobs Technology
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil




smime.p7s
Description: S/MIME cryptographic signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Openssl issue

2018-11-08 Thread Howard, Christopher 
I had that exact same issue. I had to drop down to 9.11 to get it to work.

-Christopher


On Thu, 2018-11-08 at 18:12 +, Stewart, Larry C Sr CTR DISA JT (USA) wrote:

I am running Solaris 10 and I downloaded bind 9.12.3 today and compiled it 
using the enable threads option, the prefix=/ option and the --without-gost 
option just as I have in the past when compiling 9.10. The compilation seems to 
go well but when I run named with -t /nithr -u nithr named fails to start and I 
get daemon.crit openssl_link.c:296: fatal error:and Openssl pseudorandom number 
generator cannot be initialized (see the 'PRNG not seeded message in the 
Openssl FAQ). Then exiting (due to fatal error in library).


My chrooted directory does contain /dev/random


Does anyone have any suggestions on how to overcome this issue?


Larry Stewart, CISSP

Contractor - Jacobs Technology

Network Engineer

Office: 520-538-4227

DSN: 879-4227

Cell phone: 520-227-8251

larry.c.stewart@mail.mil




___

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list


bind-users mailing list

bind-users@lists.isc.org

https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Openssl issue

2018-11-08 Thread Stewart, Larry C Sr CTR DISA JT (USA) 
I am running Solaris 10 and I downloaded bind 9.12.3 today and compiled it 
using the enable threads option, the prefix=/ option and the --without-gost 
option just as I have in the past when compiling 9.10. The compilation seems to 
go well but when I run named with -t /nithr -u nithr named fails to start and I 
get daemon.crit openssl_link.c:296: fatal error:and Openssl pseudorandom number 
generator cannot be initialized (see the 'PRNG not seeded message in the 
Openssl FAQ). Then exiting (due to fatal error in library).

My chrooted directory does contain /dev/random

Does anyone have any suggestions on how to overcome this issue?

Larry Stewart, CISSP
Contractor - Jacobs Technology
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil




smime.p7s
Description: S/MIME cryptographic signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users