From owner-freebsd-current  Tue Mar 27  1:32:35 2001
Delivered-To: freebsd-current@freebsd.org
Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65])
	by hub.freebsd.org (Postfix) with ESMTP id 9B42B37B719
	for <freebsd-current@FreeBSD.ORG>; Tue, 27 Mar 2001 01:32:28 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (root@gratis.grondar.za [196.7.18.133])
	by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f2R9Vxf78104;
	Tue, 27 Mar 2001 11:32:01 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <200103270932.f2R9Vxf78104@gratis.grondar.za>
To: Valentin Nechayev <netch@iv.nn.kiev.ua>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: random woes ("no RSA support in libssl and libcrypto") 
References: <20010327113405.A501@iv.nn.kiev.ua> 
In-Reply-To: <20010327113405.A501@iv.nn.kiev.ua> ; from Valentin Nechayev <netch@iv.nn.kiev.ua>  "Tue, 27 Mar 2001 11:34:06 +0300."
Date: Tue, 27 Mar 2001 11:33:11 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > See src/UPDATING 20000624
> 
> Well, but it says about `options RANDOMDEV'. Later, `device random' was
> invented instead of it. A few days ago I installed -CURRENT
> (date=2001.03.25.12.00.00) with removing all previous content of /usr/lib
> (which contained legacy since 3.1-RELEASE) and /usr/sbin/sshd began to refuse
> supporting protocol 1 with identical message
> (`no RSA support in libssl and libcrypto.  See ssl(8)'). Also,
> kernel was build with `device random', and
> 
> netch@iv:/usr/HEAD/src/sys/i386/conf>egrep '(RSA|USA)' /etc/make.conf
> # If you're resident in the USA, this will help various ports to determine
> USA_RESIDENT=           NO
> WITH_RSA=YES

You missed (and deleted) the bit where it tells you to rerun MAKEDEV
to rebuild your devices.

> And, my questions are
> 1) What can happen to refuse RSA support in libcrypto, with environment
> described above?

An incorrect /dev/urandom

> 2) How can one diagnose reason of such problems without abusing studying
> of libcrypto internals?

More reading of UPDATING? I'll see if I can get it clarified.

> 3) Can anybody provide more descriptive message when random device
> works improperly?

Yes. I'm working on making the random device itself moan at you.

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message