Solaris 7 & 8: Problem and solution with mod_ssl and PRNGD when updating to 1.3.27
on 22.11.2002 13:19:31 by Alex Kuehne
Hi folks,
I am currently updating all my apache servers to the newest version of apache/mod_ssl/openssl, at least I tried until I found the solution.
I get an error when starting the freshly compiled apache 1.3.27 with config from 1.3.26:
[Fri Nov 22 11:56:43 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri Nov 22 11:56:43 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Nov 22 11:56:43 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib
I know this is because under Solaris<9 there is no /dev/(u)random. So I have always used the prngd daemon by Lutz Jaenicke.
My working configuration in httpd.conf from version 1.3.26/2.8.10 is:
SSLRandomSeed startup egd:/etc/egd-pool
SSLRandomSeed connect egd:/etc/egd-pool
But this does not work with 1.3.27/2.8.12 obviously.
The solution is appending the bytes you wish to get from prngd:
SSLRandomSeed startup egd:/etc/egd-pool 512
SSLRandomSeed connect egd:/etc/egd-pool 512
As far as I have searched, this is not documented. Can anyone please insert this into chapter 3 of the documentation?
Thanks and regards
Alex Kuehne
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
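
Added example (not part of the original post and not mod_ssl or prngd code): a small check that an EGD-style socket such as /etc/egd-pool really returns the number of bytes requested, for instance the 512 used above. It assumes the EGD wire protocol's non-blocking read command (0x01 plus a one-byte count, answered by a length byte and then the data); `egd_read` and `start_mock_egd` are hypothetical names, and the mock server is a constructed stand-in for prngd so the check can be tried offline.

```python
import os
import socket
import threading

EGD_READ_NONBLOCK = 0x01  # assumed EGD command: return up to N bytes, no blocking
MAX_CHUNK = 255           # the requested count travels in a single byte

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        part = sock.recv(n - len(buf))
        if not part:
            raise ConnectionError("EGD socket closed mid-reply")
        buf += part
    return buf

def egd_read(path, nbytes):
    """Fetch nbytes from an EGD socket, e.g. egd_read('/etc/egd-pool', 512)."""
    out = b""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(path)
        while len(out) < nbytes:
            want = min(MAX_CHUNK, nbytes - len(out))
            s.sendall(bytes([EGD_READ_NONBLOCK, want]))
            got = _recv_exact(s, 1)[0]   # reply starts with a length byte
            if got == 0:
                break                    # pool drained: caller gets a short read
            out += _recv_exact(s, got)
    return out

def start_mock_egd(path, pool_size):
    """Constructed stand-in for prngd: serves one client from a finite pool."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        left = pool_size
        with conn, srv:
            while True:
                try:
                    req = _recv_exact(conn, 2)
                except ConnectionError:
                    return               # client finished
                n = min(req[1], left)
                left -= n
                conn.sendall(bytes([n]) + os.urandom(n))
    threading.Thread(target=serve, daemon=True).start()
```

A result shorter than the requested length means the daemon could not supply the full amount, which is worth knowing before pointing SSLRandomSeed at that socket.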