fetchmail-friends

[fetchmail]OpenSSL and Kerberos errors on Solaris

2001-04-27 14:51:49
Hello everybody,

Today, I compiled fetchmail-5.8.0 and fetchmail-5.8.1 on Solaris/
SunOS. The basic features work, but I got problems with the OpenSSL
and Kerberos support.

Fetchmail: 5.8.0 and 5.8.1
System:    SunOS 5.7 (sun4u sparc SUNW,Ultra-5_1)
OpenSSL:   0.9.6

(1) OpenSSL-Problem
-------------------

If I use an SSL connection, I get the following error:

| 5064:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG
| not seeded:md_rand.c:474:You need to read the OpenSSL FAQ,
| http://www.openssl.org/support/faq.html

In the FAQ we can read:

| 1. Why do I get a "PRNG not seeded" error message?
|
| Cryptographic software needs a source of unpredictable data to work
| correctly. Many open source operating systems provide a "randomness
| device" that serves this purpose. On other systems, applications have
| to call the RAND_add() or RAND_seed() function with appropriate data
| before generating keys or performing public key encryption.
|
| Some broken applications do not do this.
| ...

As a hot-fix I inserted the function RAND_seed() with some static data:

--- socket.c    Tue Apr 10 14:56:06 2001
+++ socket.c.new    Tue Apr 10 18:32:27 2001
@@ -755,6 +755,8 @@
  */
 int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, char 
*servercname )
 {
+       const char  *something="DHJSHDHSDHSFAJKAJKFJKAFKJAFJKASDFJFJK...";
+       RAND_seed(something,strlen(something));
        SSL_load_error_strings();
        SSLeay_add_ssl_algorithms();
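
Review bot: the buffer passed to RAND_seed() at the top of SSLOpen() is a compile-time constant, so it silences the "PRNG not seeded" check without adding any unpredictability. RAND_seed(buf, num) credits all num bytes as random, which means every process built from this source starts its generator from the same state and the SSL key material derived from it is reproducible by anyone who has the source. Instead of the two added lines, seed from a real entropy source (for example RAND_load_file() on a seed file or RAND_egd() where an entropy daemon is available), then test RAND_status() and have SSLOpen() return an error when it reports that the generator is still unseeded. The call is also repeated on every SSLOpen() invocation; seeding belongs in one-time initialisation.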

Probably, fetchmail should call RAND_seed() or RAND_add() with useful
data, if we otherwise get the error message.

(2) Kerberos Problem
--------------------

The configure-options "--with-kerberos" and "--with-kerberos5" don't
work on Solaris. The Kerberos include files (V4 or V5: I don't know)
are in /usr/include/kerberos on Solaris. But these files are not
detected automatically and "--with-kerberos=/usr/include/kerberos"
also doesn't work.

Is this a configuration error or do I need another Kerberos library
for Solaris?

--
Björn Voigt <bjoern(_at_)cs(_dot_)tu-berlin(_dot_)de>
WWW:     http://user.cs.tu-berlin.de/~bjoern/
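
Added example (not part of the original message, and not fetchmail or OpenSSL code): a simplified Python model of a hash-based PRNG with entropy accounting, showing why seeding with a constant clears the "not seeded" check yet yields the same key in every process. ModelPool, ENTROPY_NEEDED, STATIC_SEED and the helper functions are assumptions made for the illustration.

```python
import hashlib
import os

ENTROPY_NEEDED = 20  # credited bytes required before output is allowed (model value)
STATIC_SEED = b"CONSTRUCTED-STATIC-SEED-STRING-FOR-DEMO"  # constructed constant


class ModelPool:
    """Simplified model of a seeded hash PRNG; not OpenSSL's md_rand.c."""

    def __init__(self):
        self.state = b""
        self.credited = 0.0

    def add(self, data, entropy):
        # Like RAND_add(buf, num, entropy): mix in data, credit the caller's estimate.
        self.state = hashlib.sha256(self.state + data).digest()
        self.credited += entropy

    def seed(self, data):
        # Like RAND_seed(buf, num): every byte is credited as fully random.
        self.add(data, len(data))

    def status(self):
        return self.credited >= ENTROPY_NEEDED

    def random_bytes(self, n):
        if not self.status():
            raise RuntimeError("PRNG not seeded")
        out, counter = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.state + counter.to_bytes(4, "big")).digest()
            counter += 1
        self.state = hashlib.sha256(self.state + b"next").digest()
        return out[:n]


def static_hotfix(pool):  # the pattern under discussion: constant passed to seed()
    pool.seed(STATIC_SEED)


def os_entropy(pool):  # seed from the operating system's entropy source instead
    pool.seed(os.urandom(32))


def session_key(seed_fn):
    """Model one fresh process: new pool, seed it, draw a 16-byte key."""
    pool = ModelPool()
    seed_fn(pool)
    return pool.random_bytes(16)
```

Calling session_key(static_hotfix) twice returns the same 16 bytes, while session_key(os_entropy) differs on each call; the accounting check cannot tell the two apart because it trusts the caller's entropy claim.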



