www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kirk Benson <kirk.ben...@brokat.com>
Subject general/6068: Using mod_ssl with encrypted server keys, the pasphrase must be entered twice
Date Wed, 10 May 2000 18:15:30 GMT

>Number:         6068
>Category:       general
>Synopsis:       Using mod_ssl with encrypted server keys, the pasphrase must be entered
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed May 10 11:20:01 PDT 2000
>Originator:     kirk.benson@brokat.com
>Release:        1.3.12
NT4, SP5, MSVC++ 6.0
The following is the text of an email I posted to the opensa and mod_ssl maillists.

Hopefully this is also the right place to post it.

This posting concerns only Apache and mod_ssl on Win32.

After posting the following messages on the mod_ssl mail list, I did some more poking around
with the debugger.  My findings follow:

1) The password prompting originates in routine post_parse_init() in http_main.c.  It would
seem to me that the call to  "ap_init_modules(pconf, server_conf);" could be skipped if this
is not a child process (-Z parameter) AND not running in single process mode (-X parameter).
 This would mean that mod_ssl would normally not be initialized in the parent process, and
hence would not prompt for a passphrase.

I considered just adding parameters to post_parse_init() conveying the child/one-process booleans;
however, it appears that the routine is also called from service_init(), and I can't tell
what is supposed to happen when Apache runs as a NT service.
Therefore, I implemented the fix as follows:

a) created routine post_parse_init2(int child) as a copy of post_parse_init
b) #ifdef WIN32
c) The code for post_parse_init2 is:

#ifdef WIN32
void post_parse_init2(int child)
    if (child || one_process)
      ap_init_modules(pconf, server_conf);
    ap_suexec_enabled = init_suexec();
    ap_open_logs(server_conf, plog);

2) When a child is created, the code in create_process() does not fill in si.hStdOutput or
si.hStdError.  When I modified the code to set these fields via:
    si.hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
    si.hStdError = GetStdHandle(STD_ERROR_HANDLE);
I then saw the prompt string!  It appears that it is the stderr handle that is needed.

3) Finally, ap_init_modules() is also called in subroutine master_main().  I enclosed the
call as follows:
#ifndef WIN32
	ap_init_modules(pconf, server_conf);

With these changes to http_main.c, I was able to start Apache, enter a single passphrase at
the prompt, and then connect via SSL.

I'm not too sure how to submit this type of bugfix for approval.  Hopefully Ralf or Daniel
can pass this on to the Apache team for insertion in the next release.

Kirk Benson

-----Original Message-----
To: modssl-users@modssl.org
Subject: RE: password - ask_twice (noch einmal)

Yesterday I downloaded the latest OpenSA Win32 source distribution for
Apache-1.3.12/mod_ssl-2.6.3 and built a debug version.  I incorporated the
1-line fix I previously suggested to Ralf (original message below) to see if
the problem was actually fixed.  It was not!

However, I did discover the cause of why the passphrase must be entered
twice.  The Apache executable creates a single child process, (which
inherits the parent console), and it is the child which is hanging waiting
for entry of the passphrase.  This also explains why a single entry does
work when Apache is started with the -X command line parameter.

I'm not yet familiar with the source code, so I can't suggest a fix.  I
assume that this is not a problem in UNIX because a forked child gets a copy
of the parent's memory and thus inherits a decrypted key, while in NT
CreateProcess() does not give a memory copy.  One idea that comes to mind is
for the parent to put the passphrase into an environment variable; since the
environment is inheritable, the child could obtain the passphrase therefrom.

It is not clear as well why the child process is not able to write a prompt
string before reading, at least making it clear what is needed.

Run standard Apache Win32 with mod_ssl and encrypted server key.
See description for my fix --- there may be more elegant ways to do it.
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message