PRNG and SSL problem

On a client I run the ldapmodify command with -ZZ specified and get the following:

ldap_start_tls:  Success
additional info: error: 24064064: random number generator: SSLEAY_RAND_BYTES:PRNG not seeded

So, I seeded /.rnd with openssl's -rand switch and the server stopped complaining, but the client ldapmodify command still gives the error above.  I tried running EGD and setting TLS_RANDFILE to /.gnupg/entropy (where EGD likes to put it) - no joy.  Still, the server does not complain, but the client where I run ldapmodify still gives the error.  I tried various other things to get rid of this error, but to no avail.  The server log shows this:

TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=9
connection_read(9): checking for input on id=9
tls_read: want=5, got=0

TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(9): TLS accept error error=-1 id=9, closing
connection_closing: readying conn=9 sd=9 for close
connection_close: conn=9 sd=9

Thinking there might be something wrong with my certificate, I generated a new one using standard openssl procedures.  Still no good.  Do I have a certificate problem?  Or, do I need to run EGD on the client machine?  Or what?