Re: apache-ssl and pass phrases



Hi,
>exact same problem I'm having. Have you been able to come up with a
>solution?
Ben's response to my question:
quote---
Yeah, this is a consequence, I'm told, of leaving initialisation 'til
the second round. I don't usually use pass phrases, so I didn't notice.
I'll try to find a fix for it for the next release.
endquote---
... sort of makes me feel that there is not a workaround.

I also spent a night trying to identify where exactly the pass phrase was
entered into the system to see if I could short circuit it (perhaps by
hardcoding the pass phrase into the software) anyhow I know nothing about C
... I think the work is done in a function called des_read_pw which is in a
file called SSLeay-0.9.0/crypto/des/read_pw.c but I am not sure. BESIDES,
this is not really the solution I am looking for. 
Also, I don't think there is a hack of this nature that will work directly
on the apache_ssl software and I can't figure what Ben has actually done.
For a while I was able to force the software to stop and ask for the pass
phrase, however, it then gave me a different type of bad password error. (I
checked with my 1.2.6 version and the pass phrase is correct). 
>solution? If not, do you know how to make the key *not* take a pass
>phrase as other folks on the list seemed to suggest?
Well, you can create a key without a pass phrase according to the folks at
Thawte, by leaving out the 'des3' keyword in the key generation. (That's a
bit vague but I don't have the web reference in my record)
HOWEVER, the keybone connects to the csrbone which connects to the certbone
so changing the key won't help if you already have a cert which is my problem.
However, it occurs to me that I could probably figure out how to decrypt
the key and store it without a passphrase which is what I will try tonight
and may be what the others are referring to.

In the meantime I am HUNGRILY waiting for Ben's next patch.
Best John H
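
The step described above, decrypting an existing key and storing it without a pass phrase, as an added example that is not part of the original message. It assumes the modern `openssl` command line rather than the SSLeay-0.9.0 tools the post refers to, uses constructed file names and a constructed pass phrase, and checks that the modulus is unchanged, which is why a certificate already issued for the key still matches it.

```shell
#!/bin/sh
# Added example: file names and the pass phrase are constructed for the demo.
set -eu

# Hash of the RSA modulus. It is the same for the encrypted and decrypted
# forms of one key, and for any certificate issued for that key.
# $1 = key file; the pass phrase (if needed) is read from $KEY_PASS.
key_modulus_hash() {
    openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null |
        openssl sha256 | awk '{print $NF}'
}

# Write an unencrypted copy of key $1 to $2. The umask keeps the new file
# readable by its owner only, since nothing else protects it any more.
strip_passphrase() {
    ( umask 077; openssl rsa -in "$1" -passin env:KEY_PASS -out "$2" 2>/dev/null )
}

# True if the PEM file is pass-phrase protected (both the traditional
# "Proc-Type: 4,ENCRYPTED" header and PKCS#8 "ENCRYPTED PRIVATE KEY" match).
is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

demo() {
    dir=$(mktemp -d)
    # Passing the phrase through the environment keeps it out of the
    # process list, unlike pass:... on the command line.
    KEY_PASS='constructed-demo-phrase'; export KEY_PASS

    # Key generated with the des3 keyword, so it is pass-phrase protected.
    openssl genrsa -des3 -passout env:KEY_PASS -out "$dir/server.key" 2048 2>/dev/null

    strip_passphrase "$dir/server.key" "$dir/server.key.nopass"

    before=$(key_modulus_hash "$dir/server.key")
    after=$(key_modulus_hash "$dir/server.key.nopass")
    if is_encrypted "$dir/server.key.nopass" || [ "$before" != "$after" ]; then
        echo "unexpected result" >&2; rm -rf "$dir"; return 1
    fi
    echo "pass phrase removed, modulus unchanged: $after"
    rm -rf "$dir"
}

demo
```

The same modulus comparison against `openssl x509 -noout -modulus -in <cert>` confirms that an existing certificate belongs to the decrypted key.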