Bug 64826 - libtcnative prompts for private key password in some situations
Status: NEW
Alias: None
Product: Tomcat Native
Classification: Unclassified
Component: Library
Version: 1.2.23
Hardware: All All
Importance: P2 major
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2020-10-19 09:59 UTC by Michael Osipov
Modified: 2024-06-11 10:21 UTC

Description Michael Osipov 2020-10-19 09:59:55 UTC
Based on the discussion here: https://www.mail-archive.com/users@tomcat.apache.org/msg136430.html

libtcnative might prompt for a password if the given password is wrong or not supplied. This happens only when the private key is encrypted.

This has several issues:

* It is not guaranteed that stdin is attached to a TTY
* No information about the certificate is given. If I have more than one, which is it?
* Even though Javadocs of libtcnative document it, connector documentation never mentions this.

mod_ssl has the SSLPassPhraseDialog where the admin can strictly control how this has to be done. From an admin's POV, I would rather expect an exception in the logs rather than blocking the entire process.
Comment 1 Michael Osipov 2023-10-23 11:22:29 UTC
Last point has been addressed with Bug 66670.
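
A pre-flight check for the situation in the description, added here as an example and not code from Tomcat Native or from this bug thread: it detects encrypted PEM private keys (PKCS#8 label or the traditional `Proc-Type` header) and names those with no configured password, so a deployment can log the offending key instead of waiting on stdin. The `configured` mapping and the file names are assumptions; a wrong password cannot be detected this way.

```python
import re

# One PEM block; the label must match in the BEGIN and END lines.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
# RFC 1421 header that OpenSSL writes into traditional encrypted keys.
_PROC_TYPE = re.compile(r"^Proc-Type:\s*4,\s*ENCRYPTED\s*$", re.M)


def classify_private_keys(pem_text):
    """Return [(label, encrypted)] for each private-key block in pem_text."""
    found = []
    for match in _PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, DH parameters, ...
        # PKCS#8 flags encryption in the label, the traditional format
        # in a Proc-Type header inside the block.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or bool(_PROC_TYPE.search(body)))
        found.append((label, encrypted))
    return found


def keys_missing_password(configured):
    """configured: {name: (pem_text, password_or_None)}, a hypothetical
    stand-in for the connector's key settings. Returns the names whose
    key is encrypted while no password is configured."""
    missing = []
    for name, (pem_text, password) in sorted(configured.items()):
        if not password and any(enc for _, enc in classify_private_keys(pem_text)):
            missing.append(name)
    return missing


# Constructed sample inputs (bodies are placeholders, not real keys).
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
             "Q09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
PLAIN = ("-----BEGIN PRIVATE KEY-----\n"
         "Q09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    sample = {"a.example.key": (PKCS8_ENC, None),
              "b.example.key": (LEGACY_ENC, "secret"),
              "c.example.key": (PLAIN, None)}
    for name in keys_missing_password(sample):
        print(f"{name}: encrypted key without a configured password")
```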