[Dovecot] Dovecot + SSL + Fedora

Timo Sirainen tss at iki.fi
Mon May 24 19:50:54 EEST 2004


On 24.5.2004, at 10:43, David Keegel wrote:

> I've been seeing the Dovecot/SSL/Fedora 1 problem.
>
> I have a dovecot server which tends to die at least once a day,
> with messages like these :-
> May 24 13:44:44 mail pop3-login: RAND_bytes() failed: 
> error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not 
> seeded
> May 24 13:44:44 mail dovecot: Login process died too early - shutting 
> down
>
> I noticed Timo's email about this at:
> 	http://www.dovecot.org/list/dovecot/2004-May/003316.html
> with the patch that just ignores the return code of RAND_bytes().

That fixes the crashes, but probably still causes occational problems 
with SSL connection handshakes failing.

> Would disabling SSL in dovecot.conf also be a reasonable way of
> avoiding the problem of dovecot crashing?
>
> My plan is to set
> 	ssl_disable = yes

If you don't need SSL, it's a good solution.

> and also take out pops and imaps from protocols.  That is a lot
> easier for me than getting source, patching it, re-compiling and
> re-installing.
>
> We are using
> Fedora Core 1		(fedora-release-1-3 i386 rpm)
> Dovecot 0.99.10		(dovecot-0.99.10-4 i386 rpm)
> OpenSSL 0.9.7a		(openssl-0.9.7a-33.10 i386 rpm)

This could also be fixed by patching OpenSSL (I think). Patch in 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=115284
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040524/2ce1fff3/attachment-0001.bin>


More information about the dovecot mailing list