[htdig] https won't index: htdig-3.1.6 ssl.8 patch

Wed, 06 Feb 2002 12:23:38 -0800 

Solaris 8
openssl 0.9.6
htdig 3.1.6 ssl.8 patch

http://www.site.com is a redirect to https://www.site.com which as a
mailman archive that i'm trying to index in
https://www.site.com/pipermail/ops 

htdig.conf is stock except from the start_url (of course).

the browser used is mozilla 0.9.7 and is NOT on same machine as web
server.

error in rundig:

 ./rundig -vvv
URL: https://www.site.com/      1:1:https://www.site.com/
New server: www.site.com, 443
Unable to build connection with www.site.com:443
 pushed
pick: www.site.com, # servers = 1
htmerge: Unable to open word list file
'/app/mailman-2.0.8/htdig/www/htdig/db/db.wordlist'.
Did you index anything?
Check your config file and try running htdig again.

Starting from that i'v looked in my apache error_log seeing:

[Wed Feb  6 11:36:04 2002] [error] mod_ssl: SSL handshake failed (server
www.site.com:443, client 10.255.1.18) (OpenSSL library error follows)
[Wed Feb  6 11:36:04 2002] [error] OpenSSL: error:1406B0FD:SSL
routines:GET_CLIENT_MASTER_KEY:unknown remote error type

Now browsing on the htdig archives I came accross this test:

bash-2.04# /usr/local/bin/openssl s_client -host www.site.com -port 443
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file
that
'random' data can be kept in (the file will be overwritten).
gethostbyname failure
connect:errno=2

Looking on the OpenSSL faq I came across this little advice:

Some broken applications do not do this. As of version 0.9.5, the
OpenSSL functions that need randomness report an error if the random
number generator has not been seeded with at least 128 bits of
randomness.

Suspecting my daemon to be the problem (prngd) I made the test:

bash-2.04# egc.pl /var/spool/prngd/pool get
32800 bits of entropy in pool

Humm which looks ok plus running sshv2 never indicated such a problem.

I'v already compiled openssl-0.9.6c but did not try it yet.

Anybody experienced that problem using the same version (htdig-3.1.6
ssl.8)?

Thanks!

-- 
Eric Berthiaume, system administrator
BCE-Teleglobe, Montreal IDC
[EMAIL PROTECTED]


_______________________________________________
htdig-general mailing list <[EMAIL PROTECTED]>
To unsubscribe, send a message to <[EMAIL PROTECTED]> with a 
subject of unsubscribe
FAQ: http://htdig.sourceforge.net/FAQ.html

Reply via email to