> My code miraculously worked without modification when building against
> 0.9.4.
> 0.9.5a and the snapshot broke the same code at the handshake, giving the
> 'PRNG not seeded' message.

...


> the cert creation and translation tests and
> suggested that I set the RANDFILE environment variable - which helped
> exactly squat.


The openssl program does honor the RANDFILE variable, but programs
using openssl don't unless specifically programmed to do so.

> Maybe stunnel isn't the problem?  Try building it against 0.9.4.  Just
> for Yuks.

Go ahead and build against the older version.  You'll get an stunnel
binary that runs.  That does not mean, however, that it is working.
No random data == not strong crypto == you may as well use cleartext.


Speaking as someone who is not on the openssl development team at all,
I'm extremely glad they made their code barf if it wasn't able to do
its job properly (ie the application programmers didn't give openssl
the random data it needed to do its job).

And that is speaking as a person who has added in the proper seeding
to stunnel -- go grab version 3.8p1 or better from stunnel.org.
stunnel 3.8 is broken.  It will only work with older versions of
openssl because it -- stunnel -- is broken.

Don't blame the openssl folks for keeping application programmers honest.



--
Brian Hatch                "But not denying it doesn't
   Systems and              make it true any more than
   Security Engineer        not confirming it makes it false."
http://www.ifokr.org/bri/

Every message PGP signed

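An added example, not part of the original message and not stunnel's code: what "specifically programmed to do so" can look like on the application side, shown through Python's `ssl` module, which exposes OpenSSL's `RAND_add` and `RAND_status`. The function names, the `MIN_SEED_BYTES` threshold and the permission check are assumptions made for this sketch.

```python
import os
import ssl
import stat

MIN_SEED_BYTES = 32  # assumption: smallest seed file this example accepts


def seed_from_randfile(environ=os.environ, max_bytes=1024):
    """Mix the file named by $RANDFILE into OpenSSL's PRNG.

    Returns the number of bytes mixed in, or 0 if RANDFILE is unset,
    unreadable, not a regular file, too short, or accessible to others.
    """
    path = environ.get("RANDFILE")
    if not path:
        return 0  # nothing happens unless the application looks for it
    try:
        # O_NONBLOCK keeps a FIFO at this path from hanging the open.
        fd = os.open(path, os.O_RDONLY | getattr(os, "O_NONBLOCK", 0))
    except OSError:
        return 0
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())
        # A seed file that group or others can read or write is not secret.
        if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o077:
            return 0
        data = fh.read(max_bytes)
    if len(data) < MIN_SEED_BYTES:
        return 0
    # Second argument is the entropy estimate in bytes credited to the data.
    ssl.RAND_add(data, float(len(data)))
    return len(data)


def prepare_prng(environ=os.environ):
    """Seed from $RANDFILE, then fail closed if OpenSSL is still unseeded."""
    mixed = seed_from_randfile(environ)
    if not ssl.RAND_status():
        # Same outcome as the 'PRNG not seeded' handshake failure, but
        # raised before any connection is attempted.
        raise RuntimeError("PRNG not seeded; refusing to start TLS")
    return mixed
```

Call `prepare_prng()` once at startup, before any TLS context is created. Current OpenSSL releases seed themselves from the operating system, so on a modern host `RAND_status()` is normally already true and the explicit seed is additional input.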