Hi Ben,
I've lost the context here - wasn't this the problem that turned out to
be some library closing stdin (in which case, even if I stop Apache-SSL
from dying, you are still screwed, coz there's nowhere to read the
passphrase from)? Or am I confused?
Maybe I am confused also :-(
Here is the problem:
The apache-ssl package (1.3.26.1+1.48-0woody2) in the current stable
version 3.0 ("woody") of Debian GNU/Linux does not work with passphrase
protected keys; this is reported in the bug tracking system.
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=136052&repeatmerged=yes)
Even if you give the correct passphrase, the server does not start,
and the error log says "routines:DEF_CALLBACK:problems getting password"
As far as I can see, this problem is Debian specific even though
there doesn't seem to be anything special in the Debian version
of apache-ssl
Debian apache-ssl has everything which is in Debian apache plus the
SSLpatch; nothing special.
which is puzzling.
By an analysis of the system call trace, Christoph pointed out that
the configuration file is parsed twice when starting apache-ssl.
The first time when the configuration is parsed, the passphrase
is read from the tty and everything seems ok. When parsing the
config file a second time, the process cannot read from the tty
open("/dev/tty", O_RDONLY) -1 ENXIO (No such device or address)
and thus cannot access the key data.
Trying to fix the flaw, several questions arise:
Is apache-ssl supposed to read the config file twice?
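
Added example, not part of the original message and not Apache-SSL code: on Linux, ENXIO from open("/dev/tty") is the error a process gets when it has no controlling terminal. The C program below reproduces that errno by calling setsid() in a forked child; the helper name tty_open_errno is hypothetical, and the thread does not establish that this is what happens between the two configuration passes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: fork a child, optionally drop the controlling
 * terminal with setsid(), then try the same open() seen in the trace.
 * Returns 0 if /dev/tty opened, the child's errno if it did not,
 * and -1 if the test itself could not be set up. */
int tty_open_errno(int drop_ctty)
{
    int pipefd[2], result = -1;
    pid_t pid;

    if (pipe(pipefd) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        int err = 0, fd;
        close(pipefd[0]);
        if (drop_ctty && setsid() < 0)    /* new session: no controlling tty */
            _exit(1);
        fd = open("/dev/tty", O_RDONLY);
        if (fd < 0)
            err = errno;                  /* ENXIO when there is no ctty */
        else
            close(fd);
        if (write(pipefd[1], &err, sizeof err) != (ssize_t)sizeof err)
            _exit(1);
        _exit(0);
    }
    close(pipefd[1]);                     /* parent: collect the child's errno */
    if (read(pipefd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -1;
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    int before = tty_open_errno(0), after = tty_open_errno(1);
    printf("inherited session: %s\n", before ? strerror(before) : "opened");
    printf("after setsid():    %s\n", after ? strerror(after) : "opened");
    return 0;
}
```

A process in this state cannot prompt on the terminal, so a passphrase has to be obtained before the session is dropped or from a source other than /dev/tty.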