Citeren Josef 'Jeff' Sipek <jeff.si...@open-xchange.com>:
On Thu, Aug 13, 2020 at 21:16:42 +0200, Arjen de Korte wrote:
Citeren Timo Sirainen <t...@sirainen.com>:
> !include_try ssl-keys.conf
That will only work to include an optional configuration file and
suppress errors if it doesn't exist. I put
ssl_key = </etc/ssl/private/de-korte.org.key
in a separate configuration file and it failed in a similar fashion,
just with another filename.
I think the idea was that the file with the ssl_key line was only
root-readable. That way, non-privilged users will fail to include the file.
Is that what you tried?
No, but you put me on the right track.
What is needed is to !include_try the whole previous SSL configuration
file only for root and to precede this by an include for a new one
which disables SSL completely. So first SSL will be disabled for all
users (including root) and only for root, the SSL configuration will
be loaded after that.