On Mon, Apr 12, 1999, Eugene Crosser wrote:
> On 12-Apr-99 at 16:04, Ralf S. Engelschall ([EMAIL PROTECTED]) wrote:
> > On Mon, Apr 12, 1999, Eugene Crosser wrote:
> >
> > > This is a very minor issue, but still. When you run ./configure,
> > > it insists on reading the private key for the server. If you are
> > > a good sysadmin, you have the private key file unreadable for
> > > "normal users", and again if you are a good sysadmin, you configure
> > > and build programs being logged as "normal user". I think that
> > > ./configure should allow to specify the key file name and if the
> > > file is not accessible assume that it is OK and proceed.
> >
> > First, which "configure" script do you mean? Apache's or mod_ssl's? Second,
> > where does it insist to read the private key? The private key is read under
> > runtime but not on installation time? Please give me more details. Seems
> > like I still do not understand the problem and situation.
>
> As the subject says, I am speaking about the `configure' script for mod_ssl.
>
> crosser@chronos:/src/apache/mod_ssl-2.2.7-1.3.6/$ ./configure --with-apache=...
> --with-key=/etc/ssl/private/httpd.key ... <etc>
>
> Configuring mod_ssl/2.2.7 for Apache/1.3.6
> + Apache location: ../apache_1.3.6+ssl (Version 1.3.6)
> + OpenSSL location: /usr/local/ssl
> ./configure:Error: Cannot find SSL RSA private key file
> /etc/ssl/private/httpd.key
>
> The file /etc/ssl/private/httpd.key is unreadable for user "crosser".
> Or maybe I should not have specified --with-key= at all? I did not
> think much, I just followed the instructions for the "joe average" :)

As INSTALL says, the stuff is optional:

| :
| --with-crt=/path/to/your/server.crt \ OPTIONAL
| --with-key=/path/to/your/server.key \ OPTIONAL
| :

So, when your installation UID cannot read the private key, it has to fail, of
course. But there is nothing I can and want to do. Mod_ssl doesn't insist on
reading the key. The --with-{crt,key} options are optional and just for
convenience when upgrading.

All you've to do is to now use these options in your situation and later
override the server.crt/server.key in the installation tree. But then under
the correct privileged UID, of course ;-)

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]