Hello all,
I'm trying to get reverse HTTPS on squid to work.
It all compiles (squid and openssl) fine, but with heavy use I get the
following error
2002/05/16 16:04:07| clientNegotiateSSL: Error negotiating SSL connection on
FD 38: error:240
64064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
And customers complain that they get blank pages.
So, I read the manual and search the web.
I've seen on the openssl FAQ that this error is generated by the openssl
libraries. Since there is no /dev/random or other egd generator on Solaris
you have to install your own.
I've downloaded egd from http://www.lothar.com/tech/crypto
compiled and installed it. It is now running on /etc/system.
Now I can see that squid isn't using it.
I found this out with
# lsof /etc/entropy
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
egd.pl 7077 root 4u unix 105,10 0t0 124192
/devices/pseudo/tl@0:ticots->/etc/entropy (0x300016b9c30)
(Vnode=0x300009740e0)
So what I'm wondering is how I can tell Squid to use the RAND_egd() command
to use /etc/entropy
as a source of entrypy to be used by squid??
Suggestions anyone?
Peter Kassies
Received on Fri May 17 2002 - 04:37:29 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:09 MST