From owner-freebsd-current Tue Mar 27 13:37:19 2001 Delivered-To: freebsd-current@freebsd.org Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4]) by hub.freebsd.org (Postfix) with ESMTP id 6AD6037B71A for ; Tue, 27 Mar 2001 13:37:08 -0800 (PST) (envelope-from netch@iv.nn.kiev.ua) Received: (from uucp@localhost) by segfault.kiev.ua (8) with UUCP id AOB16157; Wed, 28 Mar 2001 00:36:35 +0300 (EEST) (envelope-from netch@iv.nn.kiev.ua) Received: (from netch@localhost) by iv.nn.kiev.ua (8.11.3/8.11.3) id f2RLaPw00555; Wed, 28 Mar 2001 00:36:25 +0300 (EEST) (envelope-from netch) Date: Wed, 28 Mar 2001 00:36:25 +0300 From: Valentin Nechayev To: Mark Murray Cc: freebsd-current@FreeBSD.ORG Subject: Re: random woes ("no RSA support in libssl and libcrypto") Message-ID: <20010328003625.A305@iv.nn.kiev.ua> References: <20010327113405.A501@iv.nn.kiev.ua> <200103270932.f2R9Vxf78104@gratis.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200103270932.f2R9Vxf78104@gratis.grondar.za>; from mark@grondar.za on Tue, Mar 27, 2001 at 11:33:11AM +0200 X-42: On Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Tue, Mar 27, 2001 at 11:33:11, mark (Mark Murray) wrote about "Re: random woes ("no RSA support in libssl and libcrypto")": > > Well, but it says about `options RANDOMDEV'. Later, `device random' was > > invented instead of it. A few days ago I installed -CURRENT > > (date=2001.03.25.12.00.00) with removing all previous content of /usr/lib > > (which contained legacy since 3.1-RELEASE) and /usr/sbin/sshd began to refuse > > supporting protocol 1 with identical message > > (`no RSA support in libssl and libcrypto. See ssl(8)'). Also, > > kernel was build with `device random', and > > > > netch@iv:/usr/HEAD/src/sys/i386/conf>egrep '(RSA|USA)' /etc/make.conf > > # If you're resident in the USA, this will help various ports to determine > > USA_RESIDENT= NO > > WITH_RSA=YES > You missed (and deleted) the bit where it tells you to rerun MAKEDEV > to rebuild your devices. No, /dev/urandom was correct, 'MAKEDEV all' was run properly. The only change was to remove old libraries, which are not installed via installworld in modern -CURRENT, from /usr/lib. > > And, my questions are > > 1) What can happen to refuse RSA support in libcrypto, with environment > > described above? > An incorrect /dev/urandom No. > > 3) Can anybody provide more descriptive message when random device > > works improperly? > Yes. I'm working on making the random device itself moan at you. Thank you for polite reply.;) But, the problem is not solved in this way. That's why I asked some description how to diagnose these problems. Instead of its I received random moans. Ok, thanks. /netch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message