httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 59693] New: SSLPassPhraseDialog builtin, remember passwords
Date Mon, 13 Jun 2016 15:56:37 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=59693

            Bug ID: 59693
           Summary: SSLPassPhraseDialog builtin, remember passwords
           Product: Apache httpd-2
           Version: 2.4-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: ben.rubson@gmail.com

Hello,

Let's assume the following configuration:
SSLPassPhraseDialog builtin

The goal of this request would be to add an option so that Apache will remember
manually given passwords until it exits.

This would allow adding new VirtualHosts by just reloading the Apache configuration,
when these VirtualHosts use certificates protected by one of the passwords
manually given at Apache startup.

For now, when we add such a VirtualHost and reload the configuration, Apache
crashes with the following:
AH02578: Init: Unable to read pass phrase [Hint: key introduced or changed
before restart?]
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag
SSL Library Error: error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag
SSL Library Error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag
SSL Library Error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
AH02312: Fatal error initialising mod_ssl, exiting.
AH02564: Failed to configure encrypted (?) private key my.server.com:443:0,
check /home/server/my.server.com.key
AH00020: Configuration Failed, exiting

We could use SSLPassPhraseDialog | or SSLPassPhraseDialog exec, but the goal is to
avoid storing passwords on disk or giving a simple method to retrieve them.
We may also wonder whether keeping passwords in memory is safe or not.
Perhaps they will be more difficult to retrieve than with the | or exec method...

Thank you!

Ben

-- 
You are receiving this mail because:
You are the assignee for the bug.
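
A pre-reload check for the failure reported above, as an added example that is not part of the original message or of httpd: it lists encrypted key files that a new configuration references but the running one does not. The paths, the sample configuration and the placeholder key bodies are constructed, and comparing two configuration snapshots is an assumption of this example.

```python
import re

# Apache directive names are case-insensitive; lines starting with '#' never match.
KEYFILE_RE = re.compile(r'^\s*SSLCertificateKeyFile\s+"?([^"\s]+)"?', re.I | re.M)

def key_files(conf_text):
    """Set of key paths named by SSLCertificateKeyFile in a configuration text."""
    return set(KEYFILE_RE.findall(conf_text))

def is_encrypted(pem_text):
    """True for PKCS#8 encrypted keys and legacy PEM keys with an encryption header."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)

def read_file(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()

def reload_blockers(running_conf, new_conf, read_key=read_file):
    """Encrypted keys referenced only by new_conf, i.e. keys whose pass phrase
    was never entered at startup and would have to be asked for on reload."""
    added = key_files(new_conf) - key_files(running_conf)
    return sorted(p for p in added if is_encrypted(read_key(p)))

# Constructed sample data: key bodies are placeholders, not real keys.
SAMPLE_KEYS = {
    "/etc/ssl/old.example.key":
        "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n"
        "-----END ENCRYPTED PRIVATE KEY-----\n",
    "/etc/ssl/new-enc.example.key":
        "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
        "DEK-Info: AES-256-CBC,(placeholder)\n\n(placeholder)\n"
        "-----END RSA PRIVATE KEY-----\n",
    "/etc/ssl/new-plain.example.key":
        "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n",
}
RUNNING = "SSLCertificateKeyFile /etc/ssl/old.example.key\n"
NEW = RUNNING + """<VirtualHost *:443>
  SSLCertificateKeyFile "/etc/ssl/new-enc.example.key"
</VirtualHost>
<VirtualHost *:443>
  sslcertificatekeyfile /etc/ssl/new-plain.example.key
  # SSLCertificateKeyFile /etc/ssl/ignored.example.key
</VirtualHost>
"""

if __name__ == "__main__":
    for path in reload_blockers(RUNNING, NEW, SAMPLE_KEYS.__getitem__):
        print("encrypted key not present in running configuration:", path)
```
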
