使用 OpenSSL 什么“无法编写‘随机状态’"?意思是? [英] Using OpenSSL what does "unable to write 'random state'" mean?
问题描述
我正在生成一个自签名 SSL 证书来保护我服务器的管理部分,并且我不断收到来自 OpenSSL 的消息:
<块引用>无法写入随机状态"
这是什么意思?
这是在 Ubuntu 服务器上.我已升级 libssl 以修复最近的安全漏洞.
在实践中,发生这种情况的最常见原因似乎是您主目录中的 .rnd 文件归 root 而不是您的帐户所有.快速修复:
sudo rm ~/.rnd有关更多信息,请参阅OpenSSL 常见问题中的条目::><块引用>
有时,openssl 命令行实用程序不会因PRNG 未播种"错误消息而中止,但会抱怨它无法写入‘随机状态’".此消息指的是默认种子文件(请参阅上一个答案).一个可能的原因是不知道默认文件名,因为 RANDFILE 和 HOME 都没有设置.(在这种情况下,0.9.6 之前的版本使用当前目录中的文件.rnd",但这在 0.9.6a 中已更改.)
所以我会检查 RANDFILE、HOME 和写入文件系统中这些位置的权限.
如果一切正常,您可以尝试使用 strace 运行,看看到底是什么正在进行中.
I'm generating a self-signed SSL certificate to protect my server's admin section, and I keep getting this message from OpenSSL:
unable to write 'random state'
What does this mean?
This is on an Ubuntu server. I have upgraded libssl to fix the recent security vulnerability.
In practice, the most common reason for this happening seems to be that the .rnd file in your home directory is owned by root rather than your account. The quick fix:
sudo rm ~/.rnd
For more information, here's the entry from the OpenSSL FAQ:
Sometimes the openssl command line utility does not abort with a "PRNG not seeded" error message, but complains that it is "unable to write 'random state'". This message refers to the default seeding file (see previous answer). A possible reason is that no default filename is known because neither RANDFILE nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the current directory in this case, but this has changed with 0.9.6a.)
So I would check RANDFILE, HOME, and permissions to write to those places in the filesystem.
If everything seems to be in order, you could try running with strace and see what exactly is going on.
这篇关于使用 OpenSSL 什么“无法编写‘随机状态’"?意思是?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
