httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: Deprecating (and eventually removing) encrypted private key support in mod_ssl?
Date Sun, 17 Nov 2013 15:09:01 GMT
On 17.11.2013 15:43, Dr Stephen Henson wrote:
> On 13/11/2013 14:06, Kaspar Brand wrote:
>>
>> - only supporting unencrypted private keys with "SSLOpenSSLConfCmd
>>   PrivateKey ..."
>>
> 
> Just to clarify that. Do you mean that SSLOpenSSLConfCmd shouldn't work with
> encrypted private keys at all (e.g. return an error) or that it is just
> documented that they might not work as expected?

I'm ok with how it currently behaves. In my WIP patch (see previous
message), I'm just disabling the password prompt.

> The SSL_CONF code (which SSLOpenSSLConfCmd uses) should have support for
> encrypted private keys as other applications might want to use it.

Sure, no problem with that.

> The SSL_CONF
> code wasn't designed exclusively for mod_ssl use: though I have to admit I was
> partly thinking about how useful it could be in mod_ssl when I wrote it.

It's turning out to be quite useful for mod_ssl, and definitely helps in
exposing new OpenSSL features to httpd without the need of having to
add new explicit code. Thanks!

Kaspar
