Hi Ben,
Am Fre, 2002-09-27 um 15.55 schrieb Ben Laurie:
Thomas Gebhardt wrote:
Hi Ben,
The Apache configuration is read twice, once before detaching and once
after. So, the second passphrase read is caused by the second config
read. Of course, it'll also fail if Apache is restarted, which is why my
advice is normally to not have a passphrase on the key (since its stored
in memory in the Apache process, the value of passphrasing it is dubious
in any case).
Isn't this the problem here? You said the configuration is read a second
time after detaching. And after detaching there is no tty to read from.
So I'm trying to figure out what to do. As Christoph pointed out,
the problem arises from reading the config file while already
being detached from the tty. Could you give us a hint how to fix
that? Which change in the code might have broken it? Password
protected keys worked well with potato apache-ssl and still work
with our Apache/1.3.26 Ben-SSL/1.48 (AIX) server, so there
seems to be a chance to fix the flaw in debian
apache-ssl-1.3.26.1+1.48.
I've lost the context here - wasn't this the problem that turned out to
be some library closing stdin (in which case, even if I stop Apache-SSL
from dying, you are still screwed, coz there's nowhere to read the
passphrase from)? Or am I confused?
See above. How can you read from a tty if you have already detached?