Bug 450679 - certtool get timeout
certtool get timeout
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: gnutls (Show other bugs)
8
i386 Linux
low Severity high
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-10 08:05 EDT by Edouard Bourguignon
Modified: 2008-06-11 09:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-10 08:21:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Edouard Bourguignon 2008-06-10 08:05:29 EDT
Description of problem:
Can't generate keys using certtool.

Version-Release number of selected component (if applicable):
gnutls-utils-1.6.3-3.fc8

How reproducible:
static

Steps to Reproduce:
1. certtool --generate-privkey
2. Nothing happens...
3. strace -p $(pidof certtool) => timeout on select()
  
Actual results:
# certtool --generate-privkey
Generating a private key...
Generating a 1024 bit RSA private key...
[then nothing]

Expected results:
Should generate the privkey

Additional info:
OpenSSL works fine. I'm just trying to follow this doc
http://libvirt.org/remote.html#Remote_TLS_server_certificates is it outdated?
Comment 1 Tomas Mraz 2008-06-10 08:21:16 EDT
gnutls uses /dev/random for generating the most security critical random
material such as private keys. You need to have some source of entropy on the
system where you're generating private keys.
Comment 2 Edouard Bourguignon 2008-06-11 08:11:34 EDT
The timeout is on the /dev/random access? 

The /dev/random works on my system, how can I get more entropy to be able to use
gnutls?

openssl doesn't use /dev/random? I'm just trying to understand why I can't use
certtool.
Comment 3 Tomas Mraz 2008-06-11 08:35:32 EDT
OpenSSL uses /dev/urandom for seeding the internal RNG.

You can get more entropy into the system by pressing random keystrokes or moving
mouse randomly. If it is a server without attached keyboard and mouse it is a
problem though. There are some specialized RNG devices in some CPUs or
motherboard chipsets though.
Comment 4 Edouard Bourguignon 2008-06-11 09:34:12 EDT
thank you for all this information

You guess right I don't have physical access to the servers. I have no choice
and will use OpenSSL

Note You need to log in before you can comment on or make changes to this bug.