httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: svn commit: 1573360 - SSLPassPhraseDialog arguments changed in 2.4.x
Date Wed, 16 Apr 2014 06:45:18 GMT
On 14.04.2014 10:47, Jan Kalu┼ża wrote:
> On 04/12/2014 12:37 PM, Kaspar Brand wrote:
>> We can partly restore the argument structure for "exec"-type programs,
>> but effectively, lifting the limit of 2 (or 3) certs per SSL host means
>> that there's no longer a reliable way of determining if we are actually
>> loading an "RSA", "DSA", or "ECC" key when calling the
>> SSLPassPhraseDialog program.
> 
> It would be useful to have the same arguments as before, but if that's 
> not possible to do in all cases now, I would say just increasing the 
> arguments count won't help anything.

I'm attaching a cleaned up patch, which does it in a somewhat more
systematic way. If we apply this to 2.4.x, then we have at least
compatibility with existing configs and exec-type SSLPassPhraseDialog
programs.

> I have already asked the original reporter of this incompatibility, but 
> I have not received the answer yet. I will try to ask him again and will 
> write an email if I get the response this time.
> 
> My guess is that they are just using that second argument in the script 
> and since the argument is not here, the script is failing now. I don't 
> think it's used for anything more important than that, but I have no 
> clue right now.

For the sake of transparency/completeness, this is the bug report for
Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1084230

> Anyway, would you merge your documentation patch with httpd-2.4 with the 
> mention it changed in 2.4.9?

I already did that with r1585902 (cf.
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslpassphrasedialog).

Kaspar

Mime
View raw message