ASF Bugzilla – Full Text Bug Listing
|Summary:|Bug in handling encrypted key files|
|Product:|Apache httpd-2|
|Reporter:|Jens Elkner <elkner>|
|Component:|mod_ssl|
|Assignee:|Apache HTTPD Bugs Mailing List <bugs>|
Description Jens Elkner 2002-10-13 22:55:33 UTC
I use the following config part to allow different certificates for virtual hosts, since on that host I have only 1 IP address:

<IfModule mod_ssl.c>
    Listen 220.127.116.11:443
    <VirtualHost 18.104.22.168:443>
        SSLEngine On
        Include conf/a.server.de
    </VirtualHost>
    Listen 22.214.171.124:444
    <VirtualHost 126.96.36.199:444>
        SSLEngine On
        Include conf/a.server.info
    </VirtualHost>
    Listen 188.8.131.52:445
    <VirtualHost 184.108.40.206:445>
        SSLEngine On
        Include conf/a.server.org
    </VirtualHost>
</IfModule>

Each included config file contains its own SSLCertificateFile and SSLCertificateKeyFile of course. This works, as long as all or only one KeyFile is encrypted. If I encrypt more than one keyfile (each with a different password), the pass phrase dialog is successful but then the httpd dies with an "Unable to configure verify locations for client authentication ..." error. I'm not sure, but I guess, the passphrase query functions are buggy wrt. the used port:

Apache/2.0.43 mod_ssl/2.0.43 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server a.server.org:443 (RSA)
Enter pass phrase:
Server a.server.info:443 (RSA)
Enter pass phrase:
Server a.server.de:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.

... bummer ...

So IMHO it's critical, since one can't run Apache with encrypted keyfiles :(((
Comment 1 Jens Elkner 2002-10-13 23:18:15 UTC
Sorry, small but important correction: This works, as long as all KeyFiles are unencrypted or only one KeyFile is encrypted.
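
Added example, not part of the original report and not mod_ssl code: a triage helper that collects the SSLCertificateKeyFile paths from the included per-vhost files and reports whether more than one key is pass-phrase protected, which is the failing case stated in Comment 1. The key paths, the contents of the included files and the PEM bodies are constructed placeholders, since the report does not show them.

```python
import re

# Constructed stand-ins: the report does not show the included files or keys,
# so these paths and the (fake, non-functional) PEM bodies are assumptions.
SAMPLE_CONFS = {
    "conf/a.server.de": "SSLCertificateKeyFile conf/ssl/de.key\n",
    "conf/a.server.info": 'SSLCertificateKeyFile "conf/ssl/info.key"\n',
    "conf/a.server.org": "# SSLCertificateKeyFile old.key\n"
                         "SSLCertificateKeyFile conf/ssl/org.key\n",
}
BODY = "Q09OU1RSVUNURUQ=\n"  # base64 of "CONSTRUCTED", not key material
SAMPLE_KEYS = {
    "conf/ssl/de.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                       "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + BODY
                       + "-----END RSA PRIVATE KEY-----\n",
    "conf/ssl/info.key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY
                         + "-----END ENCRYPTED PRIVATE KEY-----\n",
    "conf/ssl/org.key": "-----BEGIN RSA PRIVATE KEY-----\n" + BODY
                        + "-----END RSA PRIVATE KEY-----\n",
}

KEY_DIRECTIVE = re.compile(
    r'^[ \t]*SSLCertificateKeyFile[ \t]+"?([^"\s]+)"?', re.I | re.M)

def key_files(conf_text):
    """Paths named by SSLCertificateKeyFile directives (commented lines skipped)."""
    return KEY_DIRECTIVE.findall(conf_text)

def is_encrypted_pem(pem_text):
    """True if the PEM private key needs a pass phrase to load."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    for i, ln in enumerate(lines):
        if ln == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8 encrypted key
            return True
        if ln.startswith("-----BEGIN ") and ln.endswith("PRIVATE KEY-----"):
            # Traditional OpenSSL format marks encryption in a header line.
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            return nxt.startswith("Proc-Type:") and "ENCRYPTED" in nxt
    return False

def encrypted_keys(confs, read_key):
    """Key files referenced by the configs that are pass-phrase protected."""
    paths = [p for text in confs.values() for p in key_files(text)]
    return sorted({p for p in paths if is_encrypted_pem(read_key(p))})

def matches_reported_condition(confs, read_key):
    """Comment 1's failing case: more than one encrypted key file."""
    return len(encrypted_keys(confs, read_key)) > 1

if __name__ == "__main__":
    print(encrypted_keys(SAMPLE_CONFS, SAMPLE_KEYS.__getitem__))
```

To run it against a real server, pass a `read_key` callable that opens the file and returns its text in place of `SAMPLE_KEYS.__getitem__`.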