I downloaded and configured/built/tested 0.9.7a on BSD/OS 4.3.1 with no problems, using the following commands:
./config shared --prefix=/usr/contrib --openssldir=/usr/contrib/lib/openssl threads make make test The tests completed with no errors. I then applied the blinding patch from http://www.openssl.org//news/secadv_20030317.txt, did "make clean" and then the same commands as shown above. One of the certificate request tests failed with the following output: make a certificate request using 'req' rsa Generating a 512 bit RSA private key ..++++++++++++ ...++++++++++++ writing new private key to 'keyCA.ss' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Dodgy CA convert the certificate request into a self signed certificate using 'x509' unable to load 'random state' This means that the random number generator has not been seeded with much random data. Consider setting the RANDFILE environment variable to point at a file that 'random' data can be kept in (the file will be overwritten). Signature ok subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA Getting Private key 20476:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html 20476:error:0D080006:asn1 encoding routines:ASN1_sign:EVP lib:a_sign.c:275:error using 'x509' to self sign a certificate request *** Error code 1 Stop. *** Error code 1 Stop. I then downloaded the latest rsa_lib.c and rsa_eay.c from CVS to make sure my patching went correctly, and the compared 100%. Any ideas why this patch breaks "make test"? Should I go ahead and install this build, or should I wait for a further patch? Terry Kennedy http://www.tmk.com [EMAIL PROTECTED] New York, NY USA ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
