Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/09/08 15:26:07 UTC
[Bug 64722] New: SSLPassPhraseDialog builtin doesn't prompt for passphrase
https://bz.apache.org/bugzilla/show_bug.cgi?id=64722
Bug ID: 64722
Summary: SSLPassPhraseDialog builtin doesn't prompt for passphrase
Product: Apache httpd-2
Version: 2.4.34
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: kvedenskii@axway.com
Target Milestone: ---
builtin program for SSLPassPhraseDialog doesn't prompt for password on apache
start / restart via systemd, and apache fails to boot. Changing certificate
path and generating new ones doesn't make any difference.
When I switch to httpd-ssl-pass-dialog from mod_ssl package it prompts for
passphrase and restarts just fine.
Distro:
Red Hat Enterprise Linux Server release 7.8 (Maipo)
=====
Apache:
Server version: Apache/2.4.34 (Red Hat)
Server built: Mar 17 2020 09:34:59
Server's Module Magic Number: 20120211:79
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/opt/rh/httpd24/root/etc/httpd"
-D SUEXEC_BIN="/opt/rh/httpd24/root/usr/sbin/suexec"
-D DEFAULT_PIDLOG="run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
=====
Certificates generated with:
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
=====
SSL configuration:
SSLEngine on
SSLCertificateFile "/root/tmp/server.crt"
SSLCertificateKeyFile "/root/tmp/server.key"
SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
=====
Error log:
attached
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64722] SSLPassPhraseDialog builtin doesn't prompt for passphrase
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64722
--- Comment #1 from kvedenskii@axway.com ---
Created attachment 37435
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37435&action=edit
error log
[Bug 64722] SSLPassPhraseDialog builtin doesn't prompt for passphrase
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64722
Joe Orton <jo...@redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED
--- Comment #2 from Joe Orton <jo...@redhat.com> ---
(In reply to kvedenskii from comment #0)
> builtin program for SSLPassPhraseDialog doesn't prompt for password on
> apache start / restart via systemd, and apache fails to boot. Changing
> certificate path and generating new ones doesn't make any difference.
> When I switch to httpd-ssl-pass-dialog from mod_ssl package it prompts for
> passphrase and restarts just fine.
So use that? The script is provided to prompt via systemd. If you want to
prompt from a tty when running httpd directly, that will work fine if you use
builtin. The httpd_tty_comm boolean may make a difference here.
Regardless, if you are using a build of httpd provided by a vendor, please
report bugs directly to the vendor (i.e. Red Hat in this case) rather than
upstream.
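The failure discussed in this thread (an encrypted key, the builtin dialog, and no terminal because httpd is started by systemd) can be caught before a restart. The following preflight is an added example, not part of the bug report or of httpd; the function names are hypothetical, and it assumes the SSLPassPhraseDialog directive, if set, is in the single configuration file passed in.

```shell
#!/bin/sh
# Added example, not from the bug thread. Function names are hypothetical.
# Assumes the directive sits in the one file given (Include is not followed).

# key_is_encrypted FILE: succeeds if the PEM private key needs a pass phrase.
# Traditional PEM (as written by `openssl genrsa -des3` on OpenSSL 1.0.x)
# has a "Proc-Type: 4,ENCRYPTED" header; PKCS#8 has its own BEGIN label.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# dialog_mode CONF: prints the last SSLPassPhraseDialog value in CONF,
# or "builtin" (mod_ssl's default) when the directive is absent.
dialog_mode() {
    awk 'tolower($1) == "sslpassphrasedialog" { v = $2; gsub(/"/, "", v) }
         END { print (v == "" ? "builtin" : v) }' "$1"
}

# preflight CONF KEY HAS_TTY: HAS_TTY is "yes" or "no".
# Returns 1 for the case in the report: encrypted key, builtin, no terminal.
preflight() {
    if ! key_is_encrypted "$2"; then
        echo "ok: key is not encrypted"; return 0
    fi
    mode=$(dialog_mode "$1")
    case $mode in
        builtin)
            if [ "$3" = yes ]; then
                echo "ok: builtin will prompt on the terminal"; return 0
            fi
            echo "fail: builtin has no terminal to prompt on"; return 1 ;;
        exec:*)
            if [ -x "${mode#exec:}" ]; then
                echo "ok: helper ${mode#exec:} supplies the pass phrase"; return 0
            fi
            echo "fail: helper ${mode#exec:} is missing or not executable"; return 1 ;;
        *)
            echo "fail: unrecognised dialog mode $mode"; return 1 ;;
    esac
}

# Demo on constructed files (the key body is a placeholder, not a real key).
d=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$d/server.key"
printf '%s\n' 'SSLEngine on' "SSLCertificateKeyFile \"$d/server.key\"" > "$d/ssl.conf"
preflight "$d/ssl.conf" "$d/server.key" no || true   # the systemd case
```

For a real check, derive the third argument from the process that will start httpd, for example with `[ -t 0 ]`; under a systemd unit that test is false.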