(Copy of 2 original mails to Ben Laurie (Apache-SSL))
1. Mail
-------
I am trying to install Apache 1.3.12+ssl 1.41 with openssl 0.9.6 on HP-UX 11
with the HP ANSI C compiler.
With Netscape 4.05 I get the following error message:
[Mon Oct 2 15:34:34 2000] [debug] apache_ssl.c(1008): Generating 512 bit key
[Mon Oct 2 15:34:34 2000] [error] SSL_accept failed
[Mon Oct 2 15:34:34 2000] [error] error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Mon Oct 2 15:34:34 2000] [error] error:04069003:rsa routines:RSA_generate_key:BN lib
[Mon Oct 2 15:34:34 2000] [error] error:1409B444:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:error generating tmp rsa key
HP-UX 11 is not a good and simple base for Apache-SSL, but it's our server
operating system:
- original "patch" too old (->hp-porting center ok)
- original "perl" too old (->hp-porting center ok)
- no /dev/urandom or /dev/random (-> small program with random(3) to
generate .rnd 4096 bytes long)
- the certificate httpsd.pem had to be generated on linux, because it fails
on hp-ux.
My IE5 (56-bit key) has no problem connecting to the SSL server.
2. Mail
-------
It is not a problem of apache-ssl, but of openssl.
Generating the RSA key uses the function RAND_poll of crypto/rand/rand_win.c.
On UNIX this function always uses DEVRANDOM, defined in e_os.h - $HOME/.rnd or
$RANDFILE is not used! HP-UX has no /dev/urandom. #undef DEVRANDOM is not a
good idea. I changed RAND_poll and now it works. OK, to call srandom(3) and
random(3) is not the best way to get random numbers, but it works and
RAND_poll needs only 20 bytes at this point.
With kind regards
signed Bernhard Hasch
Landesvermessungsamt
Rheinland-Pfalz
Postfach 30 05 20
56028 Koblenz
Tel. 0261 492-418
Fax. 0251 402-492
E-Mail [EMAIL PROTECTED]
rand_win_ha.c
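
A pre-flight check for the situation both mails describe, written as an added example (it is not the attached rand_win_ha.c and not OpenSSL code): it reports whether a readable random device or a seed file of at least 20 bytes exists before the server is started. The device list, the function names and the 64-byte probe buffer are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

enum seed_source { SEED_NONE = 0, SEED_DEVICE, SEED_FILE };

/* Device paths to probe (assumed list, not copied from e_os.h). */
const char *const DEFAULT_DEVICES[] = { "/dev/urandom", "/dev/random", NULL };

/* A device counts only if it is a character device that returns `need` bytes. */
static int device_usable(const char *path, size_t need)
{
    unsigned char buf[64];
    struct stat st;
    ssize_t got; int fd;
    if (need > sizeof buf || stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return 0;
    if ((fd = open(path, O_RDONLY | O_NONBLOCK)) < 0)
        return 0;
    got = read(fd, buf, need);   /* probe only; the bytes are discarded */
    close(fd);
    return got == (ssize_t)need;
}

/* devices: NULL-terminated list or NULL; seedfile: path or NULL. */
enum seed_source find_seed_source(const char *const *devices,
                                  const char *seedfile, size_t need)
{
    struct stat st;
    for (; devices && *devices; devices++)
        if (device_usable(*devices, need)) return SEED_DEVICE;
    if (seedfile && stat(seedfile, &st) == 0 && S_ISREG(st.st_mode)
            && (size_t)st.st_size >= need)
        return SEED_FILE;
    return SEED_NONE;
}

int main(void)
{
    static const char *const names[] = { "none", "device", "seed file" };
    const char *rf = getenv("RANDFILE"), *home = getenv("HOME");
    char path[1024]; enum seed_source src;
    if (!rf && home) { snprintf(path, sizeof path, "%s/.rnd", home); rf = path; }
    src = find_seed_source(DEFAULT_DEVICES, rf, 20); /* 20 bytes, per the mail */
    printf("seed source: %s\n", names[src]);
    return src == SEED_NONE;     /* non-zero exit: nothing to seed from */
}
```

A "seed file" result only says the file is there; as the second mail notes, RAND_poll does not read $RANDFILE or $HOME/.rnd, so the application has to load it itself.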