Subject: Re: Unable to enable RSA blinding
To: None <tech-pkg@NetBSD.org>
From: D'Arcy J.M. Cain <darcy@NetBSD.org>
Date: 05/31/2004 07:23:33
On Wed, 19 May 2004 16:13:35 -0400
"D'Arcy J.M. Cain" <darcy@NetBSD.org> wrote:
> I cannot make the latest version of mod-ssl (ap-ssl in pkgsrc) work.
> I keep getting the following error.
> [Tue May 18 21:00:50 2004] [error] mod_ssl: Init:
> (panther.givex.com:443) Unable to enable RSA blinding (probably PRNG
> failure) (OpenSSL library error follows)
> [Tue May 18 21:00:50 2004] [error] OpenSSL:
> It happens with apache-1.3.29 and apache-1.3.31 and it happens with
> 2.0E and 1.6.2 release. I have reinstalled openssl, apache and ap-ssl
> a number of times and still get this error. I thought that there
> might be an entropy problem but the error happens whether I use
> builtin,/dev/random or /dev/urandom. In any case, it doesn't block,
> it fails pretty much right away. It happens on self-signed certs and
> regular CA issued certs.
I have tried Apache2 which doesn't seem to have this problem.
Unfortunately it also doesn't have mod-python and mod-auth-postgresql
I went back to Apache 1 after the bump to mod-ssl 2.8.18 but that didn't
help. I can't believe I am the only one seeing this on every machine
(1.6 -current as well as 2.0BETA) and yet no one has answered that they
even see the problem. I wrote to the mod-ssl mailing list but no answer
Clues, hair brained or otherwise, happily accepted. Alternatively if
someone could get PR pkg/21720 working and into pkgsrc I might be able
to live without the Python module in Apache2 for now.
D'Arcy J.M. Cain <darcy@NetBSD.org>