On Sun, Jan 24, 1999, Bodo Moeller wrote:

> On Fri, Jan 22, 1999 at 01:11:04PM -0800, Tom Vaughan wrote:
> > Bodo Moeller <[EMAIL PROTECTED]> writes:
> 
> >> What I'd like to have is a third variant of starting up Apache with
> >> mod_ssl which enables SSL, but disables asking for passwords (so that
> >> start-up might fail if the password is not available).  The reason is
> >> that then the SSL-enabled server can be started from init without
> >> running the risk that a configuration change (a new, encrypted keyfile)
> >> will prevent the machine from booting as usual the next time.  (I
> >> presume that the reason for introducing the difference between "start"
> >> and "startssl" in apachectl is exactly that: With "start" you can't
> >> disturb the host's booting procedure.)
> 
> > If your private keys are encrypted, you will always be prompted for a
> > passphrase. No way around that.
> > 
> > I think this is what you're talking about...
> > 
> > By default, mod_ssl uses a built-in program of sorts to obtain the
> > passphrase via the controlling tty. mod_ssl allows you to override this
> > built-in program with some other external program. See
> > SSLPassPhraseDialog. Or you could always wrap an expect script around
> > apachectl.
> > 
> > Either way, this means you'll be storing your passphrases in some form, in
> > a file, in a program, or something else, which greatly reduces the security
> > of your system.
> 
> What I'm looking for is a possibility to start httpd which can _not_
> ask for passphrases even if someone screwed up the configuration
> files.  On many machines, putting a script in an rc.* directory so
> that it will be started automatically from init is not acceptable if
> that script leads to even a tiny possibility that one day the booting
> process might be stopped by a passphrase dialog.  I am aware of the
> security implications of not encrypting the server key; depending on
> the application and on various other circumstances, this can be
> acceptable.

And is a script which starts "httpd -t", "ssleay x509 -noout -text -in
server.crt" and "ssleay rsa -noout -text -in server.key", checks for the
return codes and _then_ starts "httpd" not enough?

And what I don't understand is this: When you don't use encrypted private
keys, a passphrase will _never_ happen.  When you use encrypted private keys
it will happen _every time_. So, for the first case you don't have to worry
about the boot procedure and for the second case you can use the
SSLPassPhraseDialog filter programs when you really want to make sure it
doesn't stop because of an interactive prompt.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
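
The boot-safe start discussed in this thread, as an added example that is not part of the original messages or of mod_ssl: a POSIX shell preflight that inspects the key file's PEM headers for encryption markers and runs the start command only if the key would not need a passphrase. The function names, the constructed sample files and the placeholder key path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to start the SSL server at boot
# when the key file is passphrase-protected, so init never waits on a prompt.

# key_is_encrypted FILE: true if the PEM key carries an encryption marker.
# Traditional SSLeay/OpenSSL PEM uses a "Proc-Type: 4,ENCRYPTED" header;
# PKCS#8 uses an "ENCRYPTED PRIVATE KEY" label.
key_is_encrypted() {
    grep -Eq -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# preflight FILE: 0 only if FILE is a readable, unencrypted PEM private key.
preflight() {
    if [ ! -r "$1" ]; then
        echo "preflight: cannot read $1" >&2; return 1
    elif ! grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "preflight: $1 is not a PEM private key" >&2; return 1
    elif key_is_encrypted "$1"; then
        echo "preflight: $1 is encrypted and would need a passphrase" >&2; return 1
    fi
}

# boot_start KEYFILE COMMAND [ARGS...]: run COMMAND only if the key passes.
boot_start() {
    preflight "$1" || return 1
    shift
    "$@"
}

# make_samples DIR: constructed header-only files (no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$1/enc.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/enc8.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain.key"
}

# Usage from an rc script (paths are placeholders):
#   boot_start /path/to/server.key apachectl startssl
if [ "$#" -ge 2 ]; then boot_start "$@"; fi
```

The check covers only the key file named on the command line, so it has to be the same file the server configuration points at, and a configuration with several key files needs one check per file.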
