Bug#285371: exim4-daemon-heavy: gnutls-params not being re-created and hangs STARTTLS connections

Marc Haber <mh+debian-packages@zugschlus.de>, 285371@bugs.debian.org
Sat, 26 Feb 2005 23:42:20 +0100


tags #285371 help
thanks

On Sun, Dec 12, 2004 at 01:29:02PM -0800, Yazz D. Atlas wrote:
> Recently I upgraded and now for some reason one of my machines has stopped
> creating the /var/spool/exim4/gnutls-params file after the
> /etc/cron.daily/exim4-base removes it.
> 
> The file never is regenerated. So when a client connects expecting TLS
> the client hangs waiting for exim4 to send it the TLS go ahead.

This happens because the system is out of entropy, and the gnutls code
waits for new entropy to show up.

A possible fix would be generating new parameters in a separate
process, replacing the old ones with the new ones after successful
generation. This will probably suck up all entropy available for an
extended period of time, but to close this bug we need to deliver a
possibility for doing so.

Since I do not have any experience with gnutls coding, I am asking for
help.

What we need is a program that generates a new set of gnutls-params
and then dumps that set to a file, whose name is preferably given on
the command line. Additional points are given if that program doesn't
need root privileges to run.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
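
The approach proposed in the message above (generate in a separate process, replace the old file only after successful generation), sketched as an added shell example that is not part of the original message or of the exim4 package. The function name `refresh_params` is hypothetical, the generator command is passed in as an argument, and `certtool --generate-dh-params` in the comment is an assumption, as is that its output is what Exim expects in gnutls-params.

```shell
#!/bin/sh
# refresh_params TARGET GENERATOR [ARGS...]   (hypothetical helper name)
#
# Runs GENERATOR as a separate process with stdout redirected to a temporary
# file next to TARGET. TARGET is only replaced when the generator exits 0 and
# actually wrote data, so a generator that blocks on entropy, fails, or is
# killed never leaves the daemon without a parameter file.
#
# Needs write access to TARGET's directory only, not root.
# Possible call (assumed generator, not taken from the bug report):
#   refresh_params /var/spool/exim4/gnutls-params certtool --generate-dh-params
refresh_params() {
    target=$1
    shift
    dir=$(dirname -- "$target")

    # Same directory as TARGET, so the final mv is a rename(2) on one
    # filesystem and readers see either the old or the new file, never a
    # half-written one. mktemp creates the file with mode 0600.
    tmp=$(mktemp "$dir/.gnutls-params.XXXXXX") || return 1

    if "$@" > "$tmp" && [ -s "$tmp" ]; then
        mv -f -- "$tmp" "$target"
    else
        # Generation failed or produced nothing: keep the old parameters.
        rm -f -- "$tmp"
        return 1
    fi
}
```

With this pattern the cron job no longer deletes the old file up front; it stays in use until the rename.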