[Dovecot] 0.99.10-test12

Jeremy Katz katzj at redhat.com
Wed Jun 18 01:27:18 EEST 2003


On Sat, 2003-06-14 at 23:58, Timo Sirainen wrote:
> - OpenSSL problems. Are they really my fault? I have no idea what I
> could be doing wrong. Maybe some compile option is wrong? 

Sorry, found out the answer to this on Friday afternoon (from our local
ssl guru) and haven't had a chance to sit down and send the reasoning.

Basically, if you're using OpenSSL with the RSA blinding patch as
supplied by the OpenSSL folks, then the blinding ends up not having
entropy.  This is because /dev/urandom won't exist in your chroot and so
the SSL entropy isn't able to be set up.

Probably the best fix would be initializing SSL bits before the chroot
(similar to the way timezone setup has to happen).  That or making sure
you have /dev/urandom in your chroot.  I was going to look more at the
former but just haven't had the cycles yet :/

> Also I should
> try to use pkg-config to get compile flags if it exists in configure.

Would be nice, but won't help this :)

Cheers,

Jeremy
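
The ordering suggested above (acquire the entropy source before the chroot, then use it inside the jail), shown as an added example that is not part of the original message or of Dovecot's code. It uses a plain POSIX descriptor on /dev/urandom rather than OpenSSL's own RAND interface, and the function names and the jail directory argument are hypothetical.

```c
#define _DEFAULT_SOURCE          /* for chroot() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Open the entropy device. Returns an fd, or -1 when the path is not
 * visible, which is what a process sees inside a jail without /dev. */
int entropy_open(const char *path)
{
    return open(path, O_RDONLY);
}

/* Read exactly len bytes, retrying on EINTR and short reads.
 * Returns 0 on success, -1 on error or EOF: callers must fail closed. */
int entropy_read(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0 || errno != EINTR)
            return -1;
    }
    return 0;
}

/* Hypothetical helper: enter the jail directory chosen by the caller. */
int enter_jail(const char *jail_dir)
{
    return (chroot(jail_dir) == 0 && chdir("/") == 0) ? 0 : -1;
}

int main(int argc, char **argv)
{
    unsigned char seed[32];
    int fd = entropy_open("/dev/urandom");     /* before chroot: path exists */
    if (fd < 0) { perror("open /dev/urandom"); return 1; }
    if (argc > 1 && enter_jail(argv[1]) != 0) { perror("chroot"); return 1; }
    /* The path may be gone now, but the already-open descriptor still works. */
    if (entropy_read(fd, seed, sizeof seed) != 0) {
        fprintf(stderr, "no entropy available, refusing to continue\n");
        return 1;
    }
    printf("read %zu seed bytes; /dev/urandom visible by path: %s\n",
           sizeof seed, access("/dev/urandom", R_OK) == 0 ? "yes" : "no");
    close(fd);
    return 0;
}
```

Run as root with an empty directory as the argument to see the path disappear while the read still succeeds; without an argument it skips the chroot.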


