Hi Ben, Am Fre, 2002-09-27 um 15.55 schrieb Ben Laurie: > Thomas Gebhardt wrote: > > Hi Ben, > >>The Apache configuration is read twice, once before detaching and once > >>after. So, the second passphrase read is caused by the second config > >>read. Of course, it'll also fail if Apache is restarted, which is why my > >>advice is normally to not have a passphrase on the key (since its stored > >>in memory in the Apache process, the value of passphrasing it is dubious > >>in any case). Isn't this the problem here? You said the configuration is read a second time after detaching. And after detaching there is no tty to read from. > > So I'm trying to figure out what to do. As Christoph pointed out, > > the problem arises from reading the config file while already > > being detached from the tty. Could you give us a hint how to fix > > that? Which change in the code might have broken it? Password > > protected keys worked well with potato apache-ssl and still work > > with our Apache/1.3.26 Ben-SSL/1.48 (AIX) server, so there > > seems to be a chance to fix the flaw in debian > > apache-ssl-1.3.26.1+1.48. > > I've lost the context here - wasn't this the problem that turned out to > be some library closing stdin (in which case, even if I stop Apache-SSL > from dying, you are still screwed, coz there's nowhere to read the > passphrase from)? Or am I confused? See above. How can you read from a tty if you have already detached? I don't know if Debian (no-ssl) apache does something special after detaching. Mathew? Christoph
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil