You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Matt Ward <ma...@forestent.com> on 2001/12/28 17:37:18 UTC

config/9293: "SSLRandomSeed startup ..." directive MUST exist in base httpd.conf file, not in include

>Number:         9293
>Category:       config
>Synopsis:       "SSLRandomSeed startup ..." directive MUST exist in base httpd.conf file, not in include
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Dec 28 08:40:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     matt.ward@forestent.com
>Release:        2.0.28
>Organization:
apache
>Environment:
Env #1
SunOS ike 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-80
Sun Pro C compiler (v5 I believe)
OpenSSL 0.9.6 (from www.sunfreeware.com)

Env #2
SunOS mward00 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
gcc 3.0.2
OpenSSL 0.9.6 (from www.sunfreeware.com)
>Description:
In trying to get Apache running against the OpenSSL from www.sunfreeware.com, I kept running into the following problem.

[Fri Dec 28 08:08:58 2001] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri Dec 28 08:08:58 2001] [error] OpenSSL: error:24064064:random number generat
or:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Dec 28 08:08:58 2001] [error] OpenSSL: error:04069003:rsa routines:RSA_gene
rate_key:BN lib

After hours of fighting with a EGD (PRNGD) for Solaris, even installing a /dev/random device, I finally decided to try copying the "SSLRandomSeed startup ..." directive to the main httpd.conf from the ssl.conf.  (Mind you, the distributed sample configs have it in the ssl.conf that is Included into the main httpd.conf).  Problem solved.
>How-To-Repeat:

>Fix:
Note in the documentation that the directive MUST be present in the main httpd.conf file (not included), or change the processing order for this directive so that it comes *after* the includes have been processed.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]