From owner-freebsd-current  Tue Mar 27  0:39:42 2001
Delivered-To: freebsd-current@freebsd.org
Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4])
	by hub.freebsd.org (Postfix) with ESMTP id 3746437B718
	for <freebsd-current@FreeBSD.ORG>; Tue, 27 Mar 2001 00:39:35 -0800 (PST)
	(envelope-from netch@iv.nn.kiev.ua)
Received: (from uucp@localhost)
	by segfault.kiev.ua (8) with UUCP id LPA10302;
	Tue, 27 Mar 2001 11:39:03 +0300 (EEST)
	(envelope-from netch@iv.nn.kiev.ua)
Received: (from netch@localhost)
	by iv.nn.kiev.ua (8.11.3/8.11.3) id f2R8Y6j00561;
	Tue, 27 Mar 2001 11:34:06 +0300 (EEST)
	(envelope-from netch)
Date: Tue, 27 Mar 2001 11:34:06 +0300
From: Valentin Nechayev <netch@iv.nn.kiev.ua>
To: Mark Murray <mark@grondar.za>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: random woes ("no RSA support in libssl and libcrypto")
Message-ID: <20010327113405.A501@iv.nn.kiev.ua>
References: <20010319120932.A88999@enst.fr> <200103191401.f2JE13f32088@gratis.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200103191401.f2JE13f32088@gratis.grondar.za>; from mark@grondar.za on Mon, Mar 19, 2001 at 04:02:08PM +0200
X-42: On
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

 Mon, Mar 19, 2001 at 16:02:08, mark (Mark Murray) wrote about "Re: random woes ("no RSA support in libssl and libcrypto")": 

> > ssh: no RSA support in libssl and libcrypto.  See ssl(8)
[...]
> > It seems the compatibility with the previous minor of urandom has
> > been silently removed (I assume this happened with the last
> > update/cleanup of the random device). It took me two hours to figure
> > it out.
> 
> See src/UPDATING 20000624

Well, but it says about `options RANDOMDEV'. Later, `device random' was
invented instead of it. A few days ago I installed -CURRENT
(date=2001.03.25.12.00.00) with removing all previous content of /usr/lib
(which contained legacy since 3.1-RELEASE) and /usr/sbin/sshd began to refuse
supporting protocol 1 with identical message
(`no RSA support in libssl and libcrypto.  See ssl(8)'). Also,
kernel was build with `device random', and

netch@iv:/usr/HEAD/src/sys/i386/conf>egrep '(RSA|USA)' /etc/make.conf
# If you're resident in the USA, this will help various ports to determine
USA_RESIDENT=           NO
WITH_RSA=YES

And, my questions are
1) What can happen to refuse RSA support in libcrypto, with environment
described above?
2) How can one diagnose reason of such problems without abusing studying
of libcrypto internals?
3) Can anybody provide more descriptive message when random device
works improperly?


/netch

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message