hi i'm problems starting Apache v1.3.19 compiled with mod_ssl v2.8.1-1.3.19 (OpenSSL v0.9.6) on HP-UX B.11.00 and SunOS v5.6 platforms. Apache starts normally the mod_ssl SSL configuration is read (-DSSL option), but when Apache is started without reading the SSL configs i get the following error message: [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key this message isn't very informative and i'd like to suggest the attached patch which gives a bit more detailed error message on what's going on. according to ERR_get_error() RSA key generation fails because the pseudo-random number generator ('PRNG not seeded') hasn't been seeded. to my understanding this is because in our configuration SSLRandomSeed-directives are only read in if -DSSL has been defined. this is what we have in our main httpd config file: <IfDefine SSL> Include conf/httpd-ssl.conf </IfDefine> so my question is, is there a way of skipping mod_ssl initialization (ssl_init_Module()) altogether with some Apache command line parameter for example when Apache is being run without using SSL functionality? best regards, -- aspa
*** ssl_engine_init.c.dist Thu Mar 22 16:07:10 2001 --- ssl_engine_init.c Thu Mar 22 17:04:46 2001 *************** *** 373,378 **** --- 373,379 ---- { SSLModConfigRec *mc = myModConfig(); ssl_asn1_t *asn1; + int st; unsigned char *ucp; RSA *rsa; DH *dh; *************** *** 381,392 **** if (action == SSL_TKP_GEN) { /* seed PRNG */ ! ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); /* generate 512 bit RSA key */ ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys (512/1024 bits)"); if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) { ssl_log(s, SSL_LOG_ERROR, "Init: Failed to generate temporary 512 bit RSA private key"); ssl_die(); } asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512"); --- 382,394 ---- if (action == SSL_TKP_GEN) { /* seed PRNG */ ! st = ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); /* generate 512 bit RSA key */ ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys (512/1024 bits)"); if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) { ssl_log(s, SSL_LOG_ERROR, "Init: Failed to generate temporary 512 bit RSA private key"); + ssl_log(s, SSL_LOG_ERROR, ERR_reason_error_string(ERR_get_error())); ssl_die(); } asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512");