Re: [squid-users] https entropy problem on solaris

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 18 May 2002 00:46:46 +0200

No idea.. try looking into the OpenSSL FAQ on how to make entropy work
on Solaris.. I suspect this is more of an OpenSSL installation/build
issue than a Squid issue, but I am not 100% familiar with what entropy
sources OpenSSL is capable of finding automatically, and which it needs
help from the application to use.

I only use OpenSSL on Linux, and there OpenSSL knows how to make proper
use of /dev/urandom as an entropy source (and checks the quality of the
returned pseudo-entropy).

Regards
Henrik Nordström

Peter Kassies wrote:
>
> Hello all,
>
> I'm trying to get reverse HTTPS on squid to work.
> It all compiles (squid and openssl) fine, but with heavy use I get the
> following error
>
> 2002/05/16 16:04:07| clientNegotiateSSL: Error negotiating SSL connection on FD 38: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
>
> And customers complain that they get blank pages.
>
> So, I read the manual and searched the web.
> I've seen on the openssl FAQ that this error is generated by the openssl
> libraries. Since there is no /dev/random or other egd generator on Solaris
> you have to install your own.
>
> I've downloaded egd from http://www.lothar.com/tech/crypto
> compiled and installed it. It is now running on /etc/system.
>
> Now I can see that squid isn't using it.
> I found this out with
> # lsof /etc/entropy
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> egd.pl 7077 root 4u unix 105,10 0t0 124192 /devices/pseudo/tl@0:ticots->/etc/entropy (0x300016b9c30) (Vnode=0x300009740e0)
>
> So what I'm wondering is how I can tell Squid to use the RAND_egd() command
> to use /etc/entropy
> as a source of entropy to be used by squid??
>
> Suggestions anyone?
>
> Peter Kassies
Received on Fri May 17 2002 - 16:59:49 MDT
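
Added example, not part of the original thread and not Squid or OpenSSL code: a small client for the EGD socket protocol that checks whether the daemon on /etc/entropy (the path from the post) answers and hands out bytes, which is the same kind of query RAND_egd() makes. The function names are this example's own; it only tests the daemon and does not change how Squid or OpenSSL seed themselves.

```python
import socket
import struct

EGD_GET_LEVEL = 0x00      # reply: 4-byte big-endian count of entropy bits in the pool
EGD_READ_NONBLOCK = 0x01  # request: 1 count byte; reply: 1 length byte + that many bytes

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the daemon closes the connection early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD closed the connection mid-reply")
        buf += chunk
    return buf

def egd_entropy_bits(sock):
    """Ask the daemon how many bits of entropy it currently holds."""
    sock.sendall(bytes([EGD_GET_LEVEL]))
    return struct.unpack(">I", recv_exact(sock, 4))[0]

def egd_read(sock, want):
    """Non-blocking read: the daemon may return fewer bytes than asked for, even 0."""
    if not 1 <= want <= 255:
        raise ValueError("an EGD request is limited to 1..255 bytes")
    sock.sendall(bytes([EGD_READ_NONBLOCK, want]))
    got = recv_exact(sock, 1)[0]
    return recv_exact(sock, got)

def probe(sock, need=32):
    """Return (pool_bits, seed). Fails loudly rather than accept a short seed."""
    bits = egd_entropy_bits(sock)
    seed = b""
    while len(seed) < need:
        chunk = egd_read(sock, min(255, need - len(seed)))
        if not chunk:
            raise RuntimeError(f"EGD pool drained after {len(seed)} of {need} bytes")
        seed += chunk
    return bits, seed

def check_egd(path="/etc/entropy", need=32):
    """Connect to the EGD Unix socket (path taken from the post) and probe it."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(path)
        return probe(s, need)

if __name__ == "__main__":
    bits, seed = check_egd()
    print(f"pool reports {bits} bits; read {len(seed)} bytes (value not printed)")
```

A drained pool shows up here as a RuntimeError instead of a silently short seed, which matches the "only under heavy use" symptom described in the post.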