
Bug#136052: apache-ssl in woody/stable can't use encrypted keys



Hi Ben,

On Fri, 2002-09-27 at 15:55, Ben Laurie wrote:
> Thomas Gebhardt wrote:
> > Hi Ben,
> >>The Apache configuration is read twice, once before detaching and once 
> >>after. So, the second passphrase read is caused by the second config 
> >>read. Of course, it'll also fail if Apache is restarted, which is why my 
> >>advice is normally to not have a passphrase on the key (since it's stored 
> >>in memory in the Apache process, the value of passphrasing it is dubious 
> >>in any case).

Isn't this the problem here? You said the configuration is read a second
time after detaching. And after detaching there is no tty to read from.

> > So I'm trying to figure out what to do. As Christoph pointed out,
> > the problem arises from reading the config file while already
> > being detached from the tty. Could you give us a hint how to fix
> > that? Which change in the code might have broken it? Password
> > protected keys worked well with potato apache-ssl and still work
> > with our Apache/1.3.26 Ben-SSL/1.48 (AIX) server, so there
> > seems to be a chance to fix the flaw in Debian
> > apache-ssl-1.3.26.1+1.48.
> 
> I've lost the context here - wasn't this the problem that turned out to 
> be some library closing stdin (in which case, even if I stop Apache-SSL 
> from dying, you are still screwed, coz there's nowhere to read the 
> passphrase from)? Or am I confused?

See above. How can you read from a tty if you have already detached?

I don't know if Debian (no-ssl) apache does something special after
detaching.  Mathew?

Christoph
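
The situation discussed in this thread, as an added example that is not part of the original message or of Apache-SSL's code: a child that calls setsid() has no controlling terminal, so opening /dev/tty for a passphrase prompt fails. The function name is hypothetical, and treating the server's detach step as equivalent to setsid() is an assumption.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child, detach it from the controlling terminal with setsid()
 * (assumed here to model the daemon's detach step), then try to open
 * /dev/tty the way a passphrase prompt would.
 * Returns 0 if the open succeeded, the child's errno if it failed,
 * or -1 if the check itself could not be run. */
int tty_open_errno_after_detach(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: a new session has no controlling terminal. */
        if (setsid() < 0)
            _exit(255);
        int fd = open("/dev/tty", O_RDWR);
        if (fd >= 0) {
            close(fd);
            _exit(0);
        }
        _exit(errno & 0x7f);   /* typically ENXIO: no controlling tty */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 255 ? -1 : code;
}

int main(void)
{
    int err = tty_open_errno_after_detach();
    if (err == 0)
        puts("detached child could still open /dev/tty");
    else if (err > 0)
        printf("detached child cannot prompt: %s\n", strerror(err));
    else
        puts("could not run the check");
    return 0;
}
```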
