Bug 13585

Summary: Bug in handling encrypted key files
Product: Apache httpd-2
Reporter: Jens Elkner <elkner>
Component: mod_ssl
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: critical    
Priority: P3    
Version: 2.0-HEAD   
Target Milestone: ---   
Hardware: Other   
OS: Linux   

Description Jens Elkner 2002-10-13 22:55:33 UTC
I use the following config part to allow different certificates for virtual
hosts, since on that host I have only 1 IP address:

<IfModule mod_ssl.c>
		SSLEngine On
		Include conf/a.server.de

		SSLEngine On
		Include conf/a.server.info

		SSLEngine On
		Include conf/a.server.org

Each included config file contains its own SSLCertificateFile and
SSLCertificateKeyFile of course.

This works, as long as all or only one KeyFile is encrypted.
If I encrypt more than one keyfile (each with a different password),
the pass phrase dialog is successful but then the httpd dies
with a "Unable to configure verify locations for client authentication ..."

I'm not sure, but I guess, the passphrase query functions are buggy
wrt. the used port:

Apache/2.0.43 mod_ssl/2.0.43 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server a.server.org:443 (RSA)
Enter pass phrase:
Server a.server.info:443 (RSA)
Enter pass phrase:
Server a.server.de:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.

... bummer ...

So IMHO it's critical, since one can't run Apache with encrypted keyfiles :(((

Comment 1 Jens Elkner 2002-10-13 23:18:15 UTC
Sorry, small but important correction:

This works, as long as all KeyFiles are unencrypted or only one KeyFile is

Comment 2 Joe Orton 2004-03-10 18:16:21 UTC
This is probably the same issue as bug 21160; try the fix referenced there,
which is included in the forthcoming 2.0.49 release, or please reopen if you
still have problems with 2.0.49.

*** This bug has been marked as a duplicate of 21160 ***
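
An added example, not part of the bug report or of mod_ssl: a Python check that follows a config's literal Include lines, collects each SSLCertificateKeyFile, and reports which key files are encrypted, so an administrator can see whether a setup matches the condition described in this report (more than one encrypted key file). The file names conf/ssl.conf and conf/*.key and all function names are assumptions, and the sample contents are constructed.

```python
import re
from pathlib import Path

# Matches the two directives we care about; Apache directive names are case-insensitive.
DIRECTIVE = re.compile(r'^\s*(Include|SSLCertificateKeyFile)\s+"?([^"\s]+)"?', re.I)

def is_encrypted_pem(pem):
    """Traditional OpenSSL encrypted key (Proc-Type header) or encrypted PKCS#8."""
    return ("Proc-Type: 4,ENCRYPTED" in pem
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem)

def key_files(conf, read, seen=None):
    """List SSLCertificateKeyFile paths in conf, following literal Include paths
    (wildcard and directory includes are not expanded)."""
    seen = set() if seen is None else seen
    if conf in seen:            # guard against include loops
        return []
    seen.add(conf)
    found = []
    for line in read(conf).splitlines():
        m = DIRECTIVE.match(line)
        if m and m.group(1).lower() == "include":
            found += key_files(m.group(2), read, seen)
        elif m:
            found.append(m.group(2))
    return found

def encrypted_key_files(conf, read):
    """Key files reachable from conf that will trigger a pass phrase prompt."""
    return [k for k in dict.fromkeys(key_files(conf, read)) if is_encrypted_pem(read(k))]

def disk_reader(server_root):
    """Reader for real files; relative paths resolve against ServerRoot."""
    return lambda p: (Path(server_root) / p).read_text()

# Constructed sample mirroring the report's layout; key bodies are placeholders.
ENC = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\n(placeholder)\n"
SAMPLE = {
    "conf/ssl.conf": "SSLEngine On\nInclude conf/a.server.de\n"
                     "SSLEngine On\nInclude conf/a.server.info\n"
                     "SSLEngine On\nInclude conf/a.server.org\n",
    "conf/a.server.de": "SSLCertificateKeyFile conf/de.key\n",
    "conf/a.server.info": "SSLCertificateKeyFile conf/info.key\n",
    "conf/a.server.org": "# plain key\nSSLCertificateKeyFile conf/org.key\n",
    "conf/de.key": ENC, "conf/info.key": ENC,
    "conf/org.key": "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
}

if __name__ == "__main__":
    hits = encrypted_key_files("conf/ssl.conf", SAMPLE.__getitem__)
    print(len(hits), "encrypted key files:", hits)
```

Against a real installation, pass `disk_reader("/path/to/ServerRoot")` as the `read` argument instead of the in-memory sample.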