www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Ward <matt.w...@forestent.com>
Subject config/9293: "SSLRandomSeed startup ..." directive MUST exist in base httpd.conf file, not in include
Date Fri, 28 Dec 2001 16:37:18 GMT

>Number:         9293
>Category:       config
>Synopsis:       "SSLRandomSeed startup ..." directive MUST exist in base httpd.conf file,
not in include
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Dec 28 08:40:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     matt.ward@forestent.com
>Release:        2.0.28
>Organization:
apache
>Environment:
Env #1
SunOS ike 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-80
Sun Pro C compiler (v5 I believe)
OpenSSL 0.9.6 (from www.sunfreeware.com)

Env #2
SunOS mward00 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
gcc 3.0.2
OpenSSL 0.9.6 (from www.sunfreeware.com)
>Description:
In trying to get Apache running against the OpenSSL from www.sunfreeware.com, I kept running
into the following problem.

[Fri Dec 28 08:08:58 2001] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA
private key (OpenSSL library error follows)
[Fri Dec 28 08:08:58 2001] [error] OpenSSL: error:24064064:random number generat
or:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Dec 28 08:08:58 2001] [error] OpenSSL: error:04069003:rsa routines:RSA_gene
rate_key:BN lib

After hours of fighting with a EGD (PRNGD) for Solaris, even installing a /dev/random device,
I finally decided to try copying the "SSLRandomSeed startup ..." directive to the main httpd.conf
from the ssl.conf.  (Mind you, the distributed sample configs have it in the ssl.conf that
is Included into the main httpd.conf).  Problem solved.
>How-To-Repeat:

>Fix:
Note in the documentation that the directive MUST be present in the main httpd.conf file (not
included), or change the processing order for this directive so that it comes *after* the
includes have been processed.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message