Bug 13585 - Bug in handling encrypted key files
Summary: Bug in handling encrypted key files
Status: CLOSED DUPLICATE of bug 21160
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.0-HEAD
Hardware: Other Linux
Importance: P3 critical
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2002-10-13 22:55 UTC by Jens Elkner
Modified: 2004-11-16 19:05 UTC

Description Jens Elkner 2002-10-13 22:55:33 UTC
I use the following config part to allow different certificates for virtual
hosts, since on that host I have only 1 IP address:

<IfModule mod_ssl.c>
	Listen 217.217.217.217:443
	<VirtualHost 217.217.217.217:443>
		SSLEngine On
		Include conf/a.server.de
	</VirtualHost>

	Listen 217.217.217.217:444
	<VirtualHost 217.217.217.217:444>
		SSLEngine On
		Include conf/a.server.info
	</VirtualHost>

	Listen 217.217.217.217:445
	<VirtualHost 217.217.217.217:445>
		SSLEngine On
		Include conf/a.server.org
	</VirtualHost>
</IfModule>

Each included config file contains its own SSLCertificateFile and
SSLCertificateKeyFile of course.

This works, as long as all or only one KeyFile is encrypted.
If I encrypt more than one keyfile (each with a different password),
the pass phrase dialog is successful but then the httpd dies
with a "Unable to configure verify locations for client authentication ..."
error.

I'm not sure, but I guess, the passphrase query functions are buggy
wrt. the used port:

Apache/2.0.43 mod_ssl/2.0.43 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server a.server.org:443 (RSA)
Enter pass phrase:
Server a.server.info:443 (RSA)
Enter pass phrase:
Server a.server.de:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.

... bummer ...

So IMHO it's critical, since one can't run Apache with encrypted keyfiles :(((
Comment 1 Jens Elkner 2002-10-13 23:18:15 UTC
Sorry, small but important correction:

This works, as long as all KeyFiles are unencrypted or only one KeyFile is
encrypted.

Comment 2 Joe Orton 2004-03-10 18:16:21 UTC
This is probably the same issue as bug 21160; try the fix referenced there,
which is included in the forthcoming 2.0.49 release, or please reopen if you
still have problems with 2.0.49.

*** This bug has been marked as a duplicate of 21160 ***
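
An added example, not part of the original report or of mod_ssl: a pre-start check that follows the Include lines of a configuration like the one in the description and lists which SSLCertificateKeyFile keys are passphrase-protected, so the "more than one encrypted key" condition from Comment 1 can be spotted before a restart. The key file names and PEM stubs are constructed, and paths are assumed to resolve exactly as written.

```python
import re

# Directive name and first argument; lines starting with "#" or "<" do not match.
DIRECTIVE = re.compile(r"^[ \t]*(\w+)[ \t]+(\S+)", re.M)

def read_file(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

def key_is_encrypted(pem):
    """True if a PEM private key is passphrase-protected."""
    # PKCS#8 uses its own label; the traditional format adds a Proc-Type header.
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem
            or re.search(r"^Proc-Type:[ \t]*4,ENCRYPTED", pem, re.M) is not None)

def key_files(conf_path, read=read_file):
    """SSLCertificateKeyFile paths in a config, following plain Include lines.
    Assumption: paths resolve as written (no ServerRoot handling, no wildcards)."""
    found = []
    for name, arg in DIRECTIVE.findall(read(conf_path)):
        if name.lower() == "include":
            found += key_files(arg, read)
        elif name.lower() == "sslcertificatekeyfile":
            found.append(arg)
    return found

def encrypted_key_files(conf_path, read=read_file):
    return [k for k in key_files(conf_path, read) if key_is_encrypted(read(k))]

# Constructed sample: in-memory files, hypothetical key names, no key material.
VHOST = "<VirtualHost 217.217.217.217:%d>\n\tSSLEngine On\n\tInclude conf/a.server.%s\n</VirtualHost>\n"
SAMPLE = {
    "httpd.conf": VHOST % (443, "de") + VHOST % (444, "info") + VHOST % (445, "org"),
    "conf/a.server.de": "SSLCertificateFile conf/de.crt\nSSLCertificateKeyFile conf/de.key\n",
    "conf/a.server.info": "SSLCertificateKeyFile conf/info.key\n",
    "conf/a.server.org": "# SSLCertificateKeyFile conf/old.key\nSSLCertificateKeyFile conf/org.key\n",
    "conf/de.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n(placeholder)\n",
    "conf/info.key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n",
    "conf/org.key": "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
}

if __name__ == "__main__":
    hits = encrypted_key_files("httpd.conf", SAMPLE.__getitem__)
    print(len(hits), "encrypted key file(s):", hits)
    if len(hits) > 1:
        print("more than one encrypted key: the condition reported in this bug")
```

Against a real installation, call `encrypted_key_files()` with the default reader from the directory the relative paths are based on.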