Date: 14 Nov 2003 07:29:41 -0000
Message-ID: <20031114072941.15161.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: DO NOT REPLY [Bug 24031] - Passphrase protected private key in SSLProxyMachineCertificateFile causes SEGV

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24031

Passphrase protected private key in SSLProxyMachineCertificateFile causes SEGV

------- Additional Comments From kris.verbeeck@advalvas.be 2003-11-14 07:29 -------
Yes, I think the solution should be to ask for the passphrase at Apache startup (in a similar way as it is done for the mod_ssl server keys).

As for the second part of your question, Apache (the SSL proxy code) tries to use the certificate to do client authentication, but when it gets to the phase where it should use the (decrypted) private key the SEGV occurs because there is no decrypted version of that private key. I traced through the code and the actual X509 object that is being used does contain the correct client certificate and encrypted private key.
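
A pre-flight check for the condition this report describes, as an added example that is not part of the original message or of httpd's code: it scans a PEM file intended for SSLProxyMachineCertificateFile and reports private keys that are still passphrase-protected. The function names and the sample PEM bodies are constructed for illustration and contain no real key material.

```python
import re
import sys

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)


def classify_pem(text):
    """Return (label, status) per PEM block: encrypted, clear, or n/a."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            results.append((label, "n/a"))  # certificates, parameters, ...
        elif label == "ENCRYPTED PRIVATE KEY":
            results.append((label, "encrypted"))  # PKCS#8 encrypted form
        elif re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.MULTILINE):
            results.append((label, "encrypted"))  # traditional OpenSSL form
        else:
            results.append((label, "clear"))
    return results


def encrypted_keys(text):
    """Labels of the private-key blocks that still need a passphrase."""
    return [lbl for lbl, status in classify_pem(text) if status == "encrypted"]


# Constructed samples: the base64 body is a placeholder, not a real key.
_BODY = "Q09OU1RSVUNURUQ=\n"
SAMPLE_LEGACY = (
    "-----BEGIN CERTIFICATE-----\n" + _BODY + "-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    + _BODY + "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + _BODY
                + "-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_CLEAR = ("-----BEGIN RSA PRIVATE KEY-----\n" + _BODY
                + "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    # With a path argument, check that file; otherwise run on a sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LEGACY
    found = encrypted_keys(text)
    for label in found:
        print("passphrase-protected key block:", label)
    sys.exit(1 if found else 0)
```

The non-zero exit status on an encrypted key lets the check gate a configuration rollout before the server is restarted.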