403 Forbidden from client - Seeding PRNG with 0 bytes of entropy

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C4F591.961D4460
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

I had a webserver running with this exact same setup recently and have moved
to a new server.



I am running:

Apache/2.0.52 (FreeBSD) PHP/4.3.10 mod_ssl/2.0.52 OpenSSL/0.9.7d
mod_perl/1.99_18 Perl/v5.8.5



I created a new csr on the new server and had a certificate re-issued from
my authority.

Now when I load up the https using the same configuration as the old
server.. I get 403 Forbidden in the browser.



The httpd error-log looks like this:



[Sat Jan 08 14:43:12 2005] [info] Connection to child 5 established (server
www.ocsd.ca:443, client 65.92.64.70)

[Sat Jan 08 14:43:12 2005] [info] Seeding PRNG with 0 bytes of entropy

[Sat Jan 08 14:43:12 2005] [debug] ssl_engine_kernel.c(1771): OpenSSL:
Handshake: start

[Sat Jan 08 14:43:12 2005] [debug] ssl_engine_kernel.c(1779): OpenSSL: Loop:
before/accept initialization

[Sat Jan 08 14:43:12 2005] [debug] ssl_engine_io.c(1506): OpenSSL: read
11/11 bytes from BIO#98d2ac0 [mem: b434000] (BIO dump foll

<!-insert about 5 dumps -->

[Sat Jan 08 14:43:12 2005] [info] Initial (No.1) HTTPS request received for
child 5 (server www.ocsd.ca:443)

[Sat Jan 08 14:43:12 2005] [error] [client 65.92.64.70] client denied by
server configuration: /home/domains/ocsd.ca/web/







I've looked all over and I have a feeling that the Seeding PRNG with 0 bytes
of entropy is the problem.. but I've done everything with ssl.conf in apache
to update with SSLRandomSeed startup file:/dev/random 512 etc etc..



But I can't seem to get that to change.. maybe I'm overlooking something.



Any help would be greatly appreciated,



Thanks,



Devin




------=_NextPart_000_0004_01C4F591.961D4460
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
[at] page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I had a webserver running with this exact same setup
recently and have moved to a new server.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I am running:<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Apache/2.0.52 (FreeBSD) PHP/4.3.10 mod_ssl/2.0.52
OpenSSL/0.9.7d mod_perl/1.99_18 Perl/v5.8.5<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I created a new csr on the new server and had a =
certificate
re-issued from my authority.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Now when I load up the https using the same =
configuration as
the old server.. I get 403 Forbidden in the =
browser.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>The httpd error-log looks like =
this:<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [info] Connection to child =
5
established (server www.ocsd.ca:443, client =
65.92.64.70)<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [info] Seeding PRNG with 0 =
bytes
of entropy<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [debug]
ssl_engine_kernel.c(1771): OpenSSL: Handshake: =
start<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [debug]
ssl_engine_kernel.c(1779): OpenSSL: <st1:place =
w:st=3D"on">Loop</st1:place>:
before/accept initialization<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [debug] =
ssl_engine_io.c(1506):
OpenSSL: read 11/11 bytes from BIO#98d2ac0 [mem: b434000] (BIO dump =
foll<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><!—insert about 5 dumps =
--><o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [info] Initial (No.1) =
HTTPS
request received for child 5 (server =
www.ocsd.ca:443)<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>[Sat Jan 08 14:43:12 2005] [error] [client =
65.92.64.70]
client denied by server configuration: =
/home/domains/ocsd.ca/web/<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I’ve looked all over and I have a feeling that =
the Seeding
PRNG with 0 bytes of entropy is the problem.. but I’ve done =
everything
with ssl.conf in apache to update with SSLRandomSeed startup
file:/dev/random  512    etc =
etc..<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>But I can’t seem to get that to change.. maybe =
I’m
overlooking something.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Any help would be greatly =
appreciated,<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>Devin<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p> </o:p></span></font></p>

</div>

</body>

</html>

------=_NextPart_000_0004_01C4F591.961D4460--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org