64826 – libtcnative prompts for private key password in some situations

Bug 64826 - libtcnative prompts for private key password in some situations

Summary: libtcnative prompts for private key password in some situations

Status:	NEW

Alias:	None

Product:	Tomcat Native
Classification:	Unclassified
Component:	Library (show other bugs)
Version:	1.2.23
Hardware:	All All

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-10-19 09:59 UTC by Michael Osipov
Modified:	2020-10-19 09:59 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Osipov 2020-10-19 09:59:55 UTC

Based the discussion here: https://www.mail-archive.com/users@tomcat.apache.org/msg136430.html

libtcnative might prompt for a password if the given password is wrong or not supplied. This happens only when the private key is encrypted.

This has several issues:

* It is not guaranteed that stdin is attached to a TTY
* No information about the certificate is given. If I have more than one which is it?
* Even though Javadocs of libtcnative document it, connector documentation never mentions this.

mod_ssl has the SSLPassPhraseDialog where the admin can strictly control how this has to be done. From an admin's POV, I would rather expect an exception in the logs rather than blocking the entire process.