Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/06/13 15:56:37 UTC
[Bug 59693] New: SSLPassPhraseDialog builtin, remember passwords
https://bz.apache.org/bugzilla/show_bug.cgi?id=59693
Bug ID: 59693
Summary: SSLPassPhraseDialog builtin, remember passwords
Product: Apache httpd-2
Version: 2.4-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: ben.rubson@gmail.com
Hello,
Let's assume the following configuration:
SSLPassPhraseDialog builtin
The goal of this request would be to add an option so that Apache will remember
manually given passwords until it exits.
This would allow adding new VirtualHosts by just reloading the Apache configuration,
when these VirtualHosts use certificates protected by one of the passwords
manually given at Apache startup.
For now, when we add such a VirtualHost and reload the configuration, Apache
crashes with the following:
AH02578: Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
AH02312: Fatal error initialising mod_ssl, exiting.
AH02564: Failed to configure encrypted (?) private key my.server.com:443:0, check /home/server/my.server.com.key
AH00020: Configuration Failed, exiting
We could use SSLPassPhraseDialog | or SSLPassPhraseDialog exec, but the goal is to
avoid storing passwords on disk or giving a simple method to retrieve them.
We may also wonder whether keeping passwords in memory is safe or not.
Perhaps they will be more difficult to retrieve than with the | or exec method...
Thank you!
Ben
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
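A pre-reload check for the failure reported above, as an added example that is not part of the original report or of mod_ssl: it lists every SSLCertificateKeyFile in a config file that points at a passphrase-protected PEM key, which is the condition that ends in AH02578 when the key is introduced by a reload. The function names, sample vhost files and placeholder key bodies are constructed for illustration; the check reads one config file and does not follow Include directives.

```shell
#!/bin/sh
# key_is_encrypted FILE -> 0 encrypted PEM key, 1 unencrypted PEM key,
# 2 unreadable file or no PEM private key found.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    # PKCS#8 encrypted container
    grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" && return 0
    # Traditional OpenSSL PEM flags encryption in a header line
    grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1" && return 0
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" && return 1
    return 2
}

# encrypted_keys_in CONF: print each SSLCertificateKeyFile path in CONF whose
# key is encrypted; return 1 if any was found, else 0. Directive names are
# matched case-insensitively; paths containing whitespace are not handled.
encrypted_keys_in() {
    found=0
    for key in $(awk 'tolower($1) == "sslcertificatekeyfile" {
                          gsub(/"/, "", $2); print $2 }' "$1"); do
        if key_is_encrypted "$key"; then
            echo "$key"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample input: PEM header lines with placeholder bodies (not real
# keys) and two hypothetical vhost files, written into directory $1.
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/old.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' '<VirtualHost *:443>' "  SSLCertificateKeyFile $1/plain.key" \
        '</VirtualHost>' > "$1/ok.conf"
    printf '%s\n' '<VirtualHost *:443>' "  sslcertificatekeyfile \"$1/old.key\"" \
        '</VirtualHost>' > "$1/new.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp"
if blockers=$(encrypted_keys_in "$tmp/new.conf"); then
    echo "no encrypted keys referenced"
else
    echo "passphrase needed before this config can be loaded: $blockers"
fi
rm -rf "$tmp"
```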
[Bug 59693] SSLPassPhraseDialog builtin, remember passwords
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59693
Ben RUBSON <be...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |LATER
--- Comment #1 from Ben RUBSON <be...@gmail.com> ---
OK, I've found a workaround, so I'm closing this feature request for now.
Perhaps one could re-open it if needed.