Ralf Hildebrandt:
> * Wietse Venema <wie...@porcupine.org>:
>
> > A couple years ago, Gnu TLS would exit the program (exit status 2)
> > instead of reporting an error to Postfix, so that Postfix could
> > switch to plaintext where appropriate.
> >
> > http://www.postfix.org/TLS_README.html#build_tls
>
> Should I retry a build with GNUTLS?

Apparently this library freaks out when there's no /dev/*random, so
this is a double idiot problem.

Idiot #1: GnuTLS library calls exit instead of allowing applications
such as Postfix to provide randomness. Postfix provides randomness
via a tlsmgr daemon that runs outside the chroot jail and that has
access to /dev/*random.

Idiot #2: Linux distro turns on CHROOT by default, but provides no
/dev/*random.

You're welcome to reproduce this.

Wietse
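
Added example, not part of the thread and not Postfix code: a small check for the condition described above, listing which master.cf services run chrooted and whether the jail has the /dev/*random device nodes. The master.cf excerpt is constructed, and the jail is assumed to be the Postfix queue directory (a temporary directory stands in for it here).

```python
import os
import stat
import tempfile

# Constructed master.cf excerpt (not from the thread). Columns:
# service type private unpriv chroot wakeup maxproc command
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=may
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
smtp      unix  -       -       -       -       -       smtp
"""

def chrooted_services(master_cf, default_chroot="n"):
    """Return (service, type, command) for entries that run chrooted.

    A '-' in the chroot column means "use the default"; the default
    differs between Postfix versions, so the caller supplies it.
    """
    found = []
    for line in master_cf.splitlines():
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        if len(fields) < 8:
            continue
        chroot = default_chroot if fields[4] == "-" else fields[4]
        if chroot == "y":
            found.append((fields[0], fields[1], fields[7]))
    return found

def missing_random_devices(jail_root):
    """Return dev/random and dev/urandom paths that are absent from the
    jail or present but not character devices."""
    missing = []
    for name in ("random", "urandom"):
        path = os.path.join(jail_root, "dev", name)
        try:
            if not stat.S_ISCHR(os.stat(path).st_mode):
                missing.append(path)
        except OSError:
            missing.append(path)
    return missing

if __name__ == "__main__":
    jail = tempfile.mkdtemp()  # stand-in for the real queue directory
    for svc in chrooted_services(SAMPLE_MASTER_CF):
        print("chrooted:", svc, "missing:", missing_random_devices(jail))
```

On a real system, pass the contents of the installed master.cf and the actual jail path instead of the constructed values.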