builtin program for SSLPassPhraseDialog doesn't prompt for password on apache start / restart via systemd, and apache fails to boot. Changing certificate path and generating new ones doesn't make any difference.
When I switch to httpd-ssl-pass-dialog from mod_ssl package it prompts for passphrase and restarts just fine.

Distro: Red Hat Enterprise Linux Server release 7.8 (Maipo)
=====
Apache:
Server version: Apache/2.4.34 (Red Hat)
Server built:   Mar 17 2020 09:34:59
Server's Module Magic Number: 20120211:79
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/opt/rh/httpd24/root/etc/httpd"
 -D SUEXEC_BIN="/opt/rh/httpd24/root/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
=====
Certificates generated with:
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
=====
SSL configuration:
SSLEngine on
SSLCertificateFile "/root/tmp/server.crt"
SSLCertificateKeyFile "/root/tmp/server.key"
SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
=====
Error log: attached

Created attachment 37435
error log

(In reply to kvedenskii from comment #0)
> builtin program for SSLPassPhraseDialog doesn't prompt for password on
> apache start / restart via systemd, and apache fails to boot. Changing
> certificate path and generating new ones doesn't make any difference.
> When I switch to httpd-ssl-pass-dialog from mod_ssl package it prompts for
> passphrase and restarts just fine.

So use that? The script is provided to prompt via systemd.

If you want to prompt from a tty when running httpd directly, that will work fine if you use builtin. The httpd_tty_comm boolean may make a difference here.

Regardless, if you are using a build of httpd provided by a vendor, please report bugs directly to the vendor (i.e. Red Hat in this case) rather than upstream.
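
Added example, not part of the bug report and not code from httpd or Red Hat: a preflight check for the situation discussed in this thread, reporting whether a configured key is passphrase-protected and whether the configured SSLPassPhraseDialog can supply the passphrase when no terminal is attached. The function names, verdict strings, the `demo` argument and the `/path/to/pass-dialog` placeholder are assumptions made for the example; the sample key is a constructed header-only stub.

```shell
#!/bin/sh
# Preflight: will httpd need a key passphrase at start, and can the configured
# SSLPassPhraseDialog supply it when no terminal is attached (systemd start)?

# Succeeds if the PEM file is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Last SSLPassPhraseDialog value in the file; "builtin" is mod_ssl's default.
dialog_mode() {
    awk 'tolower($1) == "sslpassphrasedialog" { v = $2 }
         END { print (v == "" ? "builtin" : v) }' "$1"
}

# check_conf CONF HAS_TTY(yes|no): one verdict line per SSLCertificateKeyFile.
# Key paths containing spaces are not handled.
check_conf() {
    mode=$(dialog_mode "$1")
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1" |
    while read -r key; do
        if [ ! -r "$key" ]; then
            echo "UNREADABLE $key"
        elif ! key_is_encrypted "$key"; then
            echo "OK $key unencrypted"
        elif [ "$mode" = builtin ] && [ "$2" = no ]; then
            echo "FAIL $key encrypted, builtin dialog, no tty"
        else
            echo "OK $key encrypted, passphrase via $mode"
        fi
    done
}

# Constructed sample: PEM header only, no key material; paths are temporary.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' > "$d/server.key"
    printf 'SSLEngine on\nSSLCertificateKeyFile "%s"\n' "$d/server.key" > "$d/ssl.conf"
    echo "$d"
}

if [ "${1:-}" = demo ]; then
    d=$(make_sample)
    check_conf "$d/ssl.conf" no        # as when started by systemd
    echo 'SSLPassPhraseDialog exec:/path/to/pass-dialog' >> "$d/ssl.conf"  # placeholder path
    check_conf "$d/ssl.conf" no
    rm -rf "$d"
fi
```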