Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/09/08 15:26:07 UTC

[Bug 64722] New: SSLPassPhraseDialog builtin doesn't prompt for passphrase

https://bz.apache.org/bugzilla/show_bug.cgi?id=64722

            Bug ID: 64722
           Summary: SSLPassPhraseDialog builtin doesn't prompt for
                    passphrase
           Product: Apache httpd-2
           Version: 2.4.34
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: kvedenskii@axway.com
  Target Milestone: ---

The builtin program for SSLPassPhraseDialog doesn't prompt for the password on
Apache start / restart via systemd, and Apache fails to boot. Changing the
certificate path and generating new ones doesn't make any difference.
When I switch to httpd-ssl-pass-dialog from the mod_ssl package, it prompts for
the passphrase and restarts just fine.

Distro:
Red Hat Enterprise Linux Server release 7.8 (Maipo)

=====
Apache:
Server version: Apache/2.4.34 (Red Hat)
Server built:   Mar 17 2020 09:34:59
Server's Module Magic Number: 20120211:79
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/opt/rh/httpd24/root/etc/httpd"
 -D SUEXEC_BIN="/opt/rh/httpd24/root/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

=====
Certificates generated with:
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

=====
SSL configuration:
SSLEngine on
SSLCertificateFile "/root/tmp/server.crt"
SSLCertificateKeyFile "/root/tmp/server.key"
SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on

=====
Error log:
attached

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 64722] SSLPassPhraseDialog builtin doesn't prompt for passphrase

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64722

--- Comment #1 from kvedenskii@axway.com ---
Created attachment 37435
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37435&action=edit
error log



[Bug 64722] SSLPassPhraseDialog builtin doesn't prompt for passphrase

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64722

Joe Orton <jo...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #2 from Joe Orton <jo...@redhat.com> ---
(In reply to kvedenskii from comment #0)
> builtin program for SSLPassPhraseDialog doesn't prompt for password on
> apache start / restart via systemd, and apache fails to boot. Changing
> certificate path and generating new ones doesn't make any difference.
> When I switch to httpd-ssl-pass-dialog from mod_ssl package it prompts for
> passphrase and restarts just fine.

So use that?  The script is provided to prompt via systemd.  If you want to
prompt from a tty when running httpd directly, that will work fine if you use
builtin.  The httpd_tty_comm boolean may make a difference here.

Regardless, if you are using a build of httpd provided by a vendor, please
report bugs directly to the vendor (i.e. Red Hat in this case) rather than
upstream.

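Added example, not part of the bug thread and not httpd or Red Hat code: a shell check that reads a config, finds each SSLCertificateKeyFile, and reports whether a passphrase prompt can succeed when httpd starts with or without a terminal, which is the distinction comment #2 draws between builtin and the systemd helper script. The function names, verdict strings and sample files are assumptions made for this example; the key file is constructed and holds PEM headers only.

```shell
#!/bin/sh
# Added example (not from the bug report): predict whether mod_ssl can obtain
# a key passphrase for a config when httpd is started with or without a tty.

# key_is_encrypted FILE: succeeds if the PEM key is passphrase-protected.
# Traditional PEM (e.g. openssl genrsa -des3) has a Proc-Type header;
# PKCS#8 uses the ENCRYPTED PRIVATE KEY label.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# dialog_mode CONF: print the last SSLPassPhraseDialog value (default: builtin).
dialog_mode() {
    m=$(awk 'tolower($1) == "sslpassphrasedialog" { v = $2 } END { print v }' "$1")
    echo "${m:-builtin}"
}

# check_passphrase_setup CONF HAS_TTY: HAS_TTY is "yes" or "no".
# Prints one verdict per SSLCertificateKeyFile (paths without spaces assumed).
check_passphrase_setup() {
    mode=$(dialog_mode "$1")
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1" |
    while IFS= read -r key; do
        if [ ! -r "$key" ]; then
            echo "unreadable $key"
        elif ! key_is_encrypted "$key"; then
            echo "ok-unencrypted $key"
        elif [ "$mode" = builtin ] && [ "$2" = no ]; then
            echo "fail-no-tty $key"      # builtin needs a terminal to prompt on
        else
            echo "ok-prompt $key"        # tty present, or an external helper prompts
        fi
    done
}

# make_sample DIR [DIALOG]: write a constructed config and a constructed key
# file (PEM headers only, no real key material) into DIR.
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    { echo 'SSLEngine on'; echo "SSLCertificateKeyFile \"$1/server.key\""
      [ -z "$2" ] || echo "SSLPassPhraseDialog $2"; } > "$1/ssl.conf"
}

d=$(mktemp -d) && make_sample "$d"
check_passphrase_setup "$d/ssl.conf" no     # service start, no terminal
check_passphrase_setup "$d/ssl.conf" yes    # httpd started from a shell
rm -rf "$d"
```

A fail-no-tty verdict corresponds to the reported setup: an encrypted key, the default builtin dialog, and a start without a terminal.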