[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSL/TLS and PRNGD

To: openldap-software@OpenLDAP.org
Subject: SSL/TLS and PRNGD
From: Paul Reilly <pareilly@tcd.ie>
Date: Fri, 21 Feb 2003 18:53:50 +0000 (GMT)

I've compiled OpenLDAP 2.1.12 with SSL/TLS but I suspect it is falling
down due to the lack of a /dev/random on my OS (Tru64 Unix):

ldapsearch -Z -x -D 'cn=....' -W -H 'ldaps://....' -b '....'
ldap_start_tls: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Testing the SSL connection to OpenLDAP 636 using openssl s_client works,
but only if I specify the -rand option

openssl s_client -connect server:636 -CAfile /path/toCA.pem -rand /dev/egd-pool -state

without the -rand option it produces a 'PRNG not seeded' message. So I
suspect OpenLDAP is having the same problem. I had a look through all the
compile options for OpenLDAP but can't see anywhere where you could
specify a random number device. Is there anywhere I can set this in
OpenLDAP or is it a problem with my OpenSSL libraries?

Paul

Follow-Ups:
- Re: SSL/TLS and PRNGD
  - From: "dreamwvr@dreamwvr.com" <dreamwvr@dreamwvr.com>
- RE: SSL/TLS and PRNGD
  - From: "Howard Chu" <hyc@highlandsun.com>
- Re: SSL/TLS and PRNGD
  - From: James Bourne <jbourne@mtroyal.ab.ca>

Prev by Date: RE: NDS to OpenLDAP
Next by Date: Re: NDS to OpenLDAP
Index(es):
- Chronological
- Thread