
SSL/TLS and PRNGD
I've compiled OpenLDAP 2.1.12 with SSL/TLS but I suspect it is falling
down due to the lack of a /dev/random on my OS (Tru64 Unix):

ldapsearch -Z -x -D 'cn=....' -W -H 'ldaps://....' -b '....'
ldap_start_tls: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Testing the SSL connection to OpenLDAP 636 using openssl s_client works,
but only if I specify the -rand option:

openssl s_client -connect server:636 -CAfile /path/toCA.pem -rand /dev/egd-pool -state

without the -rand option it produces a 'PRNG not seeded' message. So I
suspect OpenLDAP is having the same problem. I had a look through all the
compile options for OpenLDAP but can't see anywhere where you could
specify a random number device. Is there anywhere I can set this in
OpenLDAP or is it a problem with my OpenSSL libraries?

Paul
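As an added example that is not part of Paul's post, these are the client-side and server-side OpenLDAP settings that point the TLS layer at an EGD/PRNGD socket instead of /dev/random: the directives are TLS_RANDFILE (ldap.conf(5)) and TLSRandFile (slapd.conf(5)), the socket path /dev/egd-pool and the CA file come from the s_client command above, and the server certificate and key paths are placeholders.

```conf
# /etc/openldap/ldap.conf  -- client side (ldapsearch, ldapmodify, libldap)

# Trust anchor for the server certificate: the same CA file that made
# "openssl s_client -CAfile /path/toCA.pem" succeed
TLS_CACERT   /path/toCA.pem

# Seed OpenSSL's PRNG from the EGD/PRNGD socket on a host without /dev/[u]random
# (equivalent to "-rand /dev/egd-pool" on the s_client command line)
TLS_RANDFILE /dev/egd-pool

# /etc/openldap/slapd.conf -- server side

TLSCertificateFile    /path/to/server-cert.pem   # placeholder path
TLSCertificateKeyFile /path/to/server-key.pem    # placeholder path
TLSCACertificateFile  /path/toCA.pem

# Same seeding source for slapd; without it the server's TLS handshake
# fails in the same way s_client does without -rand
TLSRandFile           /dev/egd-pool
```

Note that the ldapsearch error quoted in the post ("certificate verify failed") is a certificate verification failure rather than a "PRNG not seeded" failure, so check that TLS_CACERT names the CA that issued the server certificate as well as fixing the seeding source.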