Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate .rnd file if it doesn't exist. #2074

Merged

Conversation

msaggiorato
Copy link
Member

@msaggiorato msaggiorato commented Feb 14, 2020

This fixes an issue with the latest box (and also a couple of versions before), which didn't have a proper /root/.rnd file which is necessary for generating a certificate.

Seems to address #2072 , right now tls-ca is working for me without the change in syntax proposed in #2073 .

I got this error while provisioning from scratch with 3.2.0 and 3.3.0 with the latest box.

 * Sign the certificate using the above private key...
Can't load /root/.rnd into RNG
139738907833408:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=/root/.rnd

@h4r1m4u
Copy link
Contributor

h4r1m4u commented Feb 14, 2020

I tried this and it doesn't fix the #2072 issue for me. The 'if' block in provision/provision-site.sh always executes the 'else' branch and the provisioned sites use the default vvv.test certificate instead of their own certs.

@Mte90 Mte90 requested a review from tomjn Feb 14, 2020
@Mte90
Copy link
Member

Mte90 commented Feb 14, 2020

I don't get that error on provisioning but I don't think that is a problem to add that check for the machine to avoid issues for others, what do you think @tomjn?

@tomjn
Copy link
Member

tomjn commented Feb 17, 2020

Does this belong in the nginx setup? I don't have a /root/.rnd in my VM, I believe this is unrelated to #2072

@tomjn
Copy link
Member

tomjn commented Feb 17, 2020

Related OpenVPN/easy-rsa#261 and https://security.stackexchange.com/questions/177509/purpose-of-randfile-in-openssl/177512#177512

Information Security Stack Exchange
What is the purpose of the RANDFILE in an OpenSSL configuration file (specifically, the ca section)? The man page entry, config, just describes this as: At startup the specified file is loaded i...

@msaggiorato
Copy link
Member Author

msaggiorato commented Feb 17, 2020

For me, not having this file made the SSL configuration of nginx not work at all. That's why I attempted this.

This is on a fresh provision (after a full destroy, and with the latest box).

tomjn
tomjn approved these changes Feb 20, 2020
@tomjn tomjn merged commit b4a05e6 into Varying-Vagrant-Vagrants:develop Feb 20, 2020
2 checks passed
@msaggiorato msaggiorato deleted the hotfix/issue-with-ssl branch Apr 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants