On 17.11.2013 15:43, Dr Stephen Henson wrote: > On 13/11/2013 14:06, Kaspar Brand wrote: >> >> - only supporting unencrypted private keys with "SSLOpenSSLConfCmd >> PrivateKey ..." >> > > Just to clarify that. Do you mean that SSLOpenSSLConfCmd shouldn't work with > encrypted private keys at all (e.g. return an error) or that it is just > documented that they might not work as expected?
I'm ok with how it currently behaves. In my WIP patch (see previous message), I'm just disabling the password prompt. > The SSL_CONF code (which SSLOpenSSLConfCmd uses) should have support for > encrypted private keys as other applications might want to use it. Sure, no problem with that. > The SSL_CONF > code wasn't designed exclusively for mod_ssl use: though I have to admit I was > partly thinking about how useful it could be in mod_ssl when I wrote it. It's turning out to be quite useful for mod_ssl, and definitely helps in exposing new OpenSSL features to httpd without the need of having to adding new explicit code. Thanks! Kaspar
