Re: random woes ("no RSA support in libssl and libcrypto")
Tue, Mar 27, 2001 at 11:33:11, mark (Mark Murray) wrote about "Re: random woes ("no
RSA support in libssl and libcrypto")":
> > Well, but it says about `options RANDOMDEV'. Later, `device random' was
> > invented instead of it. A few days ago I installed -CURRENT
> > (date=2001.03.25.12.00.00) with removing all previous content of /usr/lib
> > (which contained legacy since 3.1-RELEASE) and /usr/sbin/sshd began to refuse
> > supporting protocol 1 with identical message
> > (`no RSA support in libssl and libcrypto. See ssl(8)'). Also,
> > kernel was build with `device random', and
> >
> > netch@iv:/usr/HEAD/src/sys/i386/conf>egrep '(RSA|USA)' /etc/make.conf
> > # If you're resident in the USA, this will help various ports to determine
> > USA_RESIDENT= NO
> > WITH_RSA=YES
> You missed (and deleted) the bit where it tells you to rerun MAKEDEV
> to rebuild your devices.
No, /dev/urandom was correct, 'MAKEDEV all' was run properly.
The only change was to remove old libraries, which are not installed
via installworld in modern -CURRENT, from /usr/lib.
> > And, my questions are
> > 1) What can happen to refuse RSA support in libcrypto, with environment
> > described above?
> An incorrect /dev/urandom
No.
> > 3) Can anybody provide more descriptive message when random device
> > works improperly?
> Yes. I'm working on making the random device itself moan at you.
Thank you for polite reply.;) But, the problem is not solved in this way.
That's why I asked some description how to diagnose these problems.
Instead of its I received random moans. Ok, thanks.
/netch
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
Re: random woes ("no RSA support in libssl and libcrypto")
> > See src/UPDATING 2624 > > Well, but it says about `options RANDOMDEV'. Later, `device random' was > invented instead of it. A few days ago I installed -CURRENT > (date=2001.03.25.12.00.00) with removing all previous content of /usr/lib > (which contained legacy since 3.1-RELEASE) and /usr/sbin/sshd began to refuse > supporting protocol 1 with identical message > (`no RSA support in libssl and libcrypto. See ssl(8)'). Also, > kernel was build with `device random', and > > netch@iv:/usr/HEAD/src/sys/i386/conf>egrep '(RSA|USA)' /etc/make.conf > # If you're resident in the USA, this will help various ports to determine > USA_RESIDENT= NO > WITH_RSA=YES You missed (and deleted) the bit where it tells you to rerun MAKEDEV to rebuild your devices. > And, my questions are > 1) What can happen to refuse RSA support in libcrypto, with environment > described above? An incorrect /dev/urandom > 2) How can one diagnose reason of such problems without abusing studying > of libcrypto internals? More reading of UPDATING? I'll see if I can get it clarified. > 3) Can anybody provide more descriptive message when random device > works improperly? Yes. I'm working on making the random device itself moan at you. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: random woes ("no RSA support in libssl and libcrypto")
On Tue, 27 Mar 2001, Valentin Nechayev wrote: > And, my questions are > 1) What can happen to refuse RSA support in libcrypto, with environment > described above? I suspect you need to remake /dev/urandom. Copy /usr/src/etc/MAKEDEV from -current into /etc and remake the device. /dev/urandom is now a symlink to /dev/random. G To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: random woes ("no RSA support in libssl and libcrypto")
Mon, Mar 19, 2001 at 16:02:08, mark (Mark Murray) wrote about "Re: random woes ("no
RSA support in libssl and libcrypto")":
> > ssh: no RSA support in libssl and libcrypto. See ssl(8)
[...]
> > It seems the compatibility with the previous minor of urandom has
> > been silently removed (I assume this happened with the last
> > update/cleanup of the random device). It took me two hours to figure
> > it out.
>
> See src/UPDATING 2624
Well, but it says about `options RANDOMDEV'. Later, `device random' was
invented instead of it. A few days ago I installed -CURRENT
(date=2001.03.25.12.00.00) with removing all previous content of /usr/lib
(which contained legacy since 3.1-RELEASE) and /usr/sbin/sshd began to refuse
supporting protocol 1 with identical message
(`no RSA support in libssl and libcrypto. See ssl(8)'). Also,
kernel was build with `device random', and
netch@iv:/usr/HEAD/src/sys/i386/conf>egrep '(RSA|USA)' /etc/make.conf
# If you're resident in the USA, this will help various ports to determine
USA_RESIDENT= NO
WITH_RSA=YES
And, my questions are
1) What can happen to refuse RSA support in libcrypto, with environment
described above?
2) How can one diagnose reason of such problems without abusing studying
of libcrypto internals?
3) Can anybody provide more descriptive message when random device
works improperly?
/netch
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
Re: random woes ("no RSA support in libssl and libcrypto")
> It seems the compatibility with the previous minor of urandom has > been silently removed (I assume this happened with the last > update/cleanup of the random device). It took me two hours to figure > it out. See src/UPDATING 2624 M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
random woes ("no RSA support in libssl and libcrypto")
Just in case some else gets caught (which is sure to happen), in case you get the following obscure message from ssh after updating your -current: ssh: no RSA support in libssl and libcrypto. See ssl(8). This just means you need to remake your /dev/urandom (ln -f random urandom). It seems the compatibility with the previous minor of urandom has been silently removed (I assume this happened with the last update/cleanup of the random device). It took me two hours to figure it out. -- Pierre Beyssac [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
