Strange startup problem with Apache 2.0.44
on 27.02.2003 14:09:44 by Beat Mueller
Dear all,
first the properties of my box: Solaris 7 (hence no /dev/random) and gcc 3.0.1.
I compiled Apache 2.0.44 with the following options:
./configure --prefix=/usr/local/apache-2.0.44-ssl --enable-info --enable-ssl \
--with-egd=/var/adm/entropy
My SSL is 0.9.7a, and /var/adm/entropy is a socket serviced by PRNG (I tested it
with egc.pl and it delivers the desired data, but this is not the problem)
When I try to start the server error_log writes:
[Thu Feb 27 13:24:41 2003] [info] Init: Initializing OpenSSL library
[Thu Feb 27 13:24:41 2003] [info] Init: Seeding PRNG with 0 bytes of entropy
[Thu Feb 27 13:24:41 2003] [warn] Init: PRNG still contains insufficient entropy!
[Thu Feb 27 13:24:41 2003] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Feb 27 13:24:41 2003] [error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed
The relevant portions of my httpd.conf:
Include conf/test-ssl.conf
And in test-ssl.conf:
SSLRandomSeed startup builtin
SSLRandomSeed startup egd:/var/adm/entropy 512
SSLRandomSeed connect builtin
SSLRandomSeed connect egd:/var/adm/entropy 512
The rest is more or less standard. Whatever I write into test-ssl.conf the error
message shown above comes again. Even if I comment out SSL in httpd.conf:
#
# Include conf/test-ssl.conf
#
the same message appears. A truss on the process (with or without outcommented
mod_ssl.c) yields the same:
14566: open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
14566: open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
14566: open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
What is happening here? My Solaris box has none of these /dev/*random, but
why are they called when I a) specify /var/adm/entropy and b) even when
I don't want to start SSL at all?
Thanks a lot in advance for your input,
Beat
--
Beat Müller
Institut für Elektronik
ETH Zürich - Schweiz
beat.mueller@ife.ee.ethz.ch
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
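
For checking an EGD socket such as the /var/adm/entropy one above independently of Apache, here is an added example (not part of the original post or of mod_ssl): a minimal Python client for the EGD non-blocking read command (byte 0x01 plus a count, answered by a length byte and that many data bytes). The mock daemon, its byte pool and all function names are constructed for illustration.

```python
import socket
import threading

EGD_READ_NONBLOCKING = 0x01  # EGD command byte: non-blocking entropy read

def _recv_exact(sock, n):  # read exactly n bytes, or raise on early close
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection early")
        buf += chunk
    return buf

def egd_read(sock, want):
    """Ask for up to `want` (1..255) bytes; the daemon may return fewer, even 0."""
    if not 1 <= want <= 255:
        raise ValueError("EGD serves at most 255 bytes per request")
    sock.sendall(bytes([EGD_READ_NONBLOCKING, want]))
    got = _recv_exact(sock, 1)[0]  # reply starts with a one-byte length
    return _recv_exact(sock, got)

def egd_collect(sock, total):
    """Gather `total` bytes in <=255-byte requests; stop when the pool is dry."""
    out = b""
    while len(out) < total:
        chunk = egd_read(sock, min(255, total - len(out)))
        if not chunk:  # zero-length reply: nothing left to seed with
            break
        out += chunk
    return out

def mock_egd(sock, pool):
    """Constructed stand-in for the daemon: serves `pool` until it is empty."""
    while len(req := sock.recv(2)) == 2:
        n = min(req[1], len(pool))
        sock.sendall(bytes([n]) + pool[:n])
        pool = pool[n:]

def demo(pool_size, want):
    client, server = socket.socketpair()
    pool = (bytes(range(256)) * 3)[:pool_size]  # constructed sample data
    t = threading.Thread(target=mock_egd, args=(server, pool))
    t.start()
    got = egd_collect(client, want)
    client.close()
    t.join()
    server.close()
    return len(got)
```

Against a real daemon, connect a socket.AF_UNIX stream socket to the EGD path and pass it to egd_collect; a result shorter than requested means the pool could not supply the bytes asked for.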
Re: Strange startup problem with Apache 2.0.44
on 28.02.2003 16:24:45 by Carlos Villegas
I also had some strange problems with Apache 2.0.44 on Solaris 9; it
turned out that the module automatically uses conf/ssl.conf (which I
didn't expect). So my suggestion is that you should add all the SSL
configuration in this file only.
Carlos
> Dear all,
>
> first the properties of my box: Solaris 7 (hence no /dev/random) and gcc 3.0.1.
> I compiled Apache 2.0.44 with the following options:
>
> ./configure --prefix=/usr/local/apache-2.0.44-ssl --enable-info --enable-ssl \
> --with-egd=/var/adm/entropy
>
> My SSL is 0.9.7a, and /var/adm/entropy is a socket serviced by PRNG (I tested it
> with egc.pl and it delivers the desired data, but this is not the problem)
>
> When I try to start the server error_log writes:
> [Thu Feb 27 13:24:41 2003] [info] Init: Initializing OpenSSL library
> [Thu Feb 27 13:24:41 2003] [info] Init: Seeding PRNG with 0 bytes of entropy
> [Thu Feb 27 13:24:41 2003] [warn] Init: PRNG still contains insufficient entropy!
> [Thu Feb 27 13:24:41 2003] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [Thu Feb 27 13:24:41 2003] [error] Init: Failed to generate temporary 512 bit RSA private key
> Configuration Failed
>
> The relevant portions of my httpd.conf:
>
> Include conf/test-ssl.conf
>
>
> And in test-ssl.conf:
> SSLRandomSeed startup builtin
> SSLRandomSeed startup egd:/var/adm/entropy 512
> SSLRandomSeed connect builtin
> SSLRandomSeed connect egd:/var/adm/entropy 512
>
> The rest is more or less standard. Whatever I write into test-ssl.conf the error
> message shown above comes again. Even if I comment out SSL in httpd.conf:
> #
> # Include conf/test-ssl.conf
> #
>
> the same message appears. A truss on the process (with or without outcommented
> mod_ssl.c) yields the same:
>
> 14566: open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
> 14566: open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
> 14566: open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
>
> What is happening here? My Solaris box has none of these /dev/*random, but
> why are they called when I a) specify /var/adm/entropy and b) even when
> I don't want to start SSL at all?
>
>
> Thanks a lot in advance for your input,
> Beat
> --
> Beat Müller
> Institut für Elektronik
> ETH Zürich - Schweiz
> beat.mueller@ife.ee.ethz.ch
--
Doubt is not a pleasant mental state, but certainty is a ridiculous one.
-- Voltaire