Re: [apache-ssl] pass phrase for key

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] pass phrase for key
From: Ben Laurie <ben@algroup.co.uk>
Date: Sat, 04 Jul 1998 14:21:08 +0100
Delivered-to: mailing list apache-ssl@lists.aldigital.co.uk
Mailing-list: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Organization: A.L. Group plc
References: <Pine.LNX.3.93.980703230446.16080A-100000@halhinet.on.ca>
Reply-to: apache-ssl@lists.aldigital.co.uk

tech wrote:
> 
> Hi,
> Thanks to all on this list. I have been combing the archive for help to
> get my apache-ssl operational and found the help I needed.
> 
> For those who might still be stuck you might find some help at
> https://secure.halhinet.on.ca/ It is working at the moment. Comments and
> critiques would also be welcome. (IE3 won't go there use Netscape)
> 
> Here's my problem.
> My key file was created with a pass phrase as recommended by the people at
> Thawte. However, when the server boots it does not stop to ask for the
> pass phrase (I think because of Ben's workaround - Skip first time
> initialisation) and I get an error
> 
> SSL disabled for server www.dudley.halhinet.on.ca:80
> SSL disabled for server www.bishop.haliburton.on.ca:80
> Enter PEM pass phrase:
> Error reading private key file /usr/local/apache/conf/halhinet.on.ca.key:
> 18576:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:
> pem_lib.c:110
> :18576:error:0906A068:PEM routines:PEM_do_header:bad password
> read:pem_lib.c:387:
> [Sat Jul  4 00:39:07 1998] gcache started
> 
> Currently the server is running on a self assigned key+cert.

Yeah, this is a consequence, I'm told, of leaving initialisation 'til
the second round. I don't usually use pass phrases, so I didn't notice.
I'll try to find a fix for it for the next release.

> Tonight I will be digging in the code to see if I can unfix Ben's fix but
> is this what I have to do or is there a more reasonable workaround. More
> reasonable because I know zip about C and I have digging through code all
> day and got nowhere (slowly).

It might be easiest to find where SSLeay gets the pass phrase and make
it use /dev/tty instead. OTOH, that may not work!

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

References:
- pass phrase for key
  - From: tech <tech@halhinet.on.ca>

Prev by Date: Re: [apache-ssl] Newbie Questions
Next by Date: Re: [apache-ssl] pass phrase for key
Previous by thread: pass phrase for key
Next by thread: Expired, or not yet valid date
Index(es):
- Date
- Thread