[Dovecot] OpenSSL on AIX
Hi,
with current test releases SSL doesn't work anymore for me on AIX 4.3 with dovecot-0.99.10-test14. It worked with 0.99.9.1.
dovecot: Jun 23 19:42:23 Info: Dovecot starting up
imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
dovecot: Jun 23 19:42:25 Error: Login process died too early - shutting down
AIX doesn't have /dev/u?random, so I don't know if that could be the culprit. EGD would be available though.
Adam
Adam Lackorzynski, adam@os.inf.tu-dresden.de, http://os.inf.tu-dresden.de/~adam/
On Mon, Jun 23, 2003 at 10:49:53PM +0200, Adam Lackorzynski wrote:
> with current test releases SSL doesn't work anymore for me on AIX 4.3 with dovecot-0.99.10-test14. It worked with 0.99.9.1.
> imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
> AIX doesn't have /dev/u?random, so I don't know if that could be the culprit. EGD would be available though.
How does EGD work? It listens in /tmp/something? But .. hmh. I don't know. I'd guess you need the randomness in any case. Should I just add extra code to feed OpenSSL's PRNG from specified file (device/socket/etc)?
On Tue Jun 24, 2003 at 17:41:06 +0300, Timo Sirainen wrote:
> How does EGD work? It listens in /tmp/something? But .. hmh. I don't know.
The daemon provides a socket where applications can get entropy from.
> I'd guess you need the randomness in any case. Should I just add extra code to feed OpenSSL's PRNG from specified file (device/socket/etc)?
Looks like that. Other projects which support egd have extra code for the RAND_*egd* functions.
Thanks, Adam
Adam Lackorzynski, adam@os.inf.tu-dresden.de, http://os.inf.tu-dresden.de/~adam/
On Tue, Jun 24, 2003 at 05:14:08PM +0200, Adam Lackorzynski wrote:
> > I'd guess you need the randomness in any case. Should I just add extra code to feed OpenSSL's PRNG from specified file (device/socket/etc)?
> Looks like that. Other projects which support egd have extra code for the RAND_*egd* functions.
OpenSSL automatically queries EGD when entropy is requested via
RAND_bytes() or the status is checked via RAND_status() for the first
time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or
/etc/egd-pool.
You don't have it in any of those?
On Tue Jun 24, 2003 at 18:21:05 +0300, Timo Sirainen wrote:
> OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
Oh, nice to know.
> You don't have it in any of those?
If I create a link it does work.
There should be some hint somewhere what the egd path should look like (or it should be configurable or something). The egd package doesn't recommend one of the above paths and so I made up one myself. And reading through the RAND_egd manpage isn't so obvious either... ;)
Thanks again, Adam
Adam Lackorzynski, adam@os.inf.tu-dresden.de, http://os.inf.tu-dresden.de/~adam/
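
Added example, not part of the original thread and not Dovecot or OpenSSL code: a Python check that an EGD socket exists at one of the three paths named in the thread (a symlink to the real socket counts) and answers an entropy request. The request format (command byte 0x01 plus a one-byte count, reply prefixed by a one-byte length) is the EGD non-blocking read and is not stated in the thread; `egd_read` and `probe` are names invented for this example.

```python
import os
import socket
import stat

# Socket paths the thread says OpenSSL tries on its own.
DEFAULT_EGD_PATHS = ("/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool")

# EGD non-blocking read: command byte 0x01, then a 1-byte count (not from the thread).
EGD_READ_NONBLOCKING = 0x01


def egd_read(path, nbytes=16, timeout=2.0):
    """Ask the EGD daemon at `path` for up to `nbytes` (1..255) bytes of entropy."""
    if not 0 < nbytes <= 255:
        raise ValueError("nbytes must be 1..255")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(bytes([EGD_READ_NONBLOCKING, nbytes]))
        header = s.recv(1)  # daemon replies with how many bytes follow
        if not header:
            raise ConnectionError("daemon closed the connection")
        want, data = header[0], b""
        while len(data) < want:
            chunk = s.recv(want - len(data))
            if not chunk:
                raise ConnectionError("short read from daemon")
            data += chunk
        return data


def probe(paths=DEFAULT_EGD_PATHS, nbytes=16):
    """Return [(path, status)]; status is 'missing', 'not a socket', 'error: ...' or 'ok: N bytes'."""
    results = []
    for path in paths:
        try:
            mode = os.stat(path).st_mode  # follows symlinks to the real socket
        except OSError:
            results.append((path, "missing"))
            continue
        if not stat.S_ISSOCK(mode):
            results.append((path, "not a socket"))
            continue
        try:
            results.append((path, "ok: %d bytes" % len(egd_read(path, nbytes))))
        except OSError as exc:  # refused, timed out, short read
            results.append((path, "error: %s" % exc))
    return results


if __name__ == "__main__":
    for path, status in probe():
        print("%-20s %s" % (path, status))
```

An "ok: 0 bytes" result means the daemon answered but currently has no entropy to hand out, which would still leave the PRNG unseeded.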