Bug 64826

Summary: libtcnative prompts for private key password in some situations
Product: Tomcat Native
Reporter: Michael Osipov <michaelo>
Component: Library
Assignee: Tomcat Developers Mailing List <dev>
Status: NEW ---    
Severity: major    
Priority: P2    
Version: 1.2.23   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Michael Osipov 2020-10-19 09:59:55 UTC
Based on the discussion here: https://www.mail-archive.com/users@tomcat.apache.org/msg136430.html

libtcnative might prompt for a password if the given password is wrong or not supplied. This happens only when the private key is encrypted.

This has several issues:

* It is not guaranteed that stdin is attached to a TTY
* No information about the certificate is given. If I have more than one, which is it?
* Even though Javadocs of libtcnative document it, connector documentation never mentions this.

mod_ssl has the SSLPassPhraseDialog where the admin can strictly control how this has to be done. From an admin's POV, I would rather expect an exception in the logs rather than blocking the entire process.
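
A pre-start check for the "not supplied" case in this report, as an added example that is not part of the report or of Tomcat Native's code: it reads the PEM headers of each key file, names the encrypted keys that have no password configured, and so answers "which one is it?" before the process can block. The file paths, sample key bodies and the `passwords` mapping are constructed assumptions; a wrong password is not detected here because that requires an actual decryption attempt.

```python
import re

# One PEM private-key block: captures the label and everything up to END.
PEM_KEY = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def key_encryption(pem_text):
    """Return (label, encrypted, cipher) for each private key in pem_text."""
    found = []
    for label, body in PEM_KEY.findall(pem_text):
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the cipher sits inside the DER, not in a text header.
            found.append((label, True, "PKCS#8"))
            continue
        # Traditional format: "Name: value" headers precede the base64 body.
        headers = {k.strip(): v.strip()
                   for k, _, v in (ln.partition(":") for ln in body.splitlines())
                   if v}
        encrypted = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
        cipher = headers.get("DEK-Info", "").split(",")[0] if encrypted else None
        found.append((label, encrypted, cipher))
    return found

def keys_that_would_prompt(key_files, passwords):
    """key_files: {path: PEM text}; passwords: {path: configured password}."""
    risky = []
    for path, text in sorted(key_files.items()):
        for label, encrypted, cipher in key_encryption(text):
            if encrypted and not passwords.get(path):
                risky.append((path, label, cipher))
    return risky

# Constructed sample input: hypothetical paths, placeholder key bodies.
BODY = "Q09OU1RSVUNURUQ=\n"
SAMPLES = {
    "conf/a.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                  + BODY + "-----END RSA PRIVATE KEY-----\n",
    "conf/b.key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY
                  + "-----END ENCRYPTED PRIVATE KEY-----\n",
    "conf/c.key": "-----BEGIN PRIVATE KEY-----\n" + BODY
                  + "-----END PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    # Only conf/b.key has a password configured in this constructed setup.
    for path, label, cipher in keys_that_would_prompt(SAMPLES, {"conf/b.key": "x"}):
        print(f"{path}: encrypted {label} ({cipher}) has no password configured")
```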