httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: svn commit: 1573360 - SSLPassPhraseDialog arguments changed in 2.4.x
Date Sat, 05 Apr 2014 11:24:28 GMT
On 04.04.2014 12:22, Jan Kaluža wrote:
> commit 1553824 (1573360 in 2.4.x) breaks the compatibility in arguments 
> passed to "exec:/path/to/program" pass phrase program. This should be 
> clear from the following part of mentioned commit(s):
> 
> -        argv[1] = cpVHostID;
> -        argv[2] = cpAlgoType;
> -        argv[3] = NULL;
> +        argv[1] = ppcb_arg->key_id;
> +        argv[2] = NULL;
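Review bot: this hunk changes a user-visible interface, not just internal state: argv[2] (cpAlgoType, the RSA/DSA/ECC name) disappears and argv[1] changes from cpVHostID to ppcb_arg->key_id, so any exec: SSLPassPhraseDialog program that dispatches on its second argument now receives none. The same commit should update the SSLPassPhraseDialog documentation and add a CHANGES/upgrade note describing the new single "servername:port:index" argument, so operators can adjust their helpers before deploying the release.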
> 
> Was this change intentional in trunk?

Yes, it's a consequence of no longer using a "keys" array which was
indexed by ssl_algo_t (see e.g. [1] for the overall motivation for
r1553824).

> If yes, I will document this, 
> because the change of mod_ssl documentation was not part of this patch.

My bad, I missed this in the docs for SSLPassPhraseDialog. I just
updated it in trunk with r1585045.

> However, I think this should not be accepted in 2.4.x branch, because it 
> breaks compatibility with external pass phrase programs in the stable 
> branch without any reason.

In 2.4.8 and later, the limit with the three named algorithms
(RSA/DSA/ECC) is gone, so there isn't a useful replacement for the
second argument (we could split off the "index" from the
"servername:port:index", though that doesn't make it more backwards
compatible with existing SSLPassPhraseDialog programs, most likely).

Can you provide more information about the specific script/program (and
what is causing the incompatibility)? This would help in getting a
better understanding of the problem, I think.

Kaspar

[1] https://mail-archives.apache.org/mod_mbox/httpd-dev/201310.mbox/%3C524AA0CB.5000507@opensslfoundation.com%3E
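The two calling conventions discussed in this thread, as an added example that is not part of the thread or of httpd itself: an SSLPassPhraseDialog "exec:" helper that accepts both the pre-2.4.8 form (servername:port plus RSA/DSA/ECC) and the 2.4.8+ form (servername:port:index), so one script can serve both branches during a migration. The pass phrase table, its path and its entries are constructed placeholders.

```shell
#!/bin/sh
# SSLPassPhraseDialog exec: helper handling both argument conventions:
#   pre-2.4.8:  helper servername:port  RSA|DSA|ECC
#   2.4.8+:     helper servername:port:index
# mod_ssl reads the pass phrase from stdout; a non-zero exit means "no pass phrase".

# Build one lookup key from whatever argv mod_ssl passed.
# Prints the key on stdout; returns 1 if the arguments match neither convention.
passphrase_lookup_key() {
    case "$#" in
        1) case "$1" in
               *:*:*) printf '%s\n' "$1" ;;            # servername:port:index
               *)     return 1 ;;                      # old form without algo
           esac ;;
        2) case "$2" in
               RSA|DSA|ECC) printf '%s/%s\n' "$1" "$2" ;;  # servername:port/ALGO
               *)           return 1 ;;
           esac ;;
        *) return 1 ;;
    esac
}

# Resolve the key against a "key<TAB>passphrase" table (placeholder path; in
# production the table must be readable only by the user that runs the helper).
passphrase_for() {
    table=${PASSPHRASE_TABLE:-/etc/httpd/passphrase.tab}
    key=$(passphrase_lookup_key "$@") || return 1
    awk -v k="$key" 'BEGIN { FS = "\t" }
                     $1 == k { print $2; found = 1 }
                     END { exit !found }' "$table"
}

# Entry point when mod_ssl executes the script; mod_ssl always passes >= 1 argument.
if [ "$#" -gt 0 ]; then
    passphrase_for "$@" || exit 1
fi
```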

