After verifying Jan's suggestion, I was sufficiently intrigued to look at
the source code, and downloaded the 2.6.3 tarball.  Inspection shows that
line 492 in ssl_engine_pphrase.c is:

 if ((i = EVP_read_pw_string(buf, bufsize, prompt, ask_twice)) != 0) {

The variable ask_twice is an input parameter to the containing function:

 int ssl_pphrase_Handle_CB(char *buf, int bufsize, int ask_twice)

Which in turn is a callback from OpenSSL.  Since the second input is
apparently unnecessary, I'd suggest changing line 492 to be:

 if ((i = EVP_read_pw_string(buf, bufsize, prompt, FALSE)) != 0) {

Comments? Ralf?

cheers
Kirk

> -----Original Message-----
> Kirk Benson wrote:
> >
> > After several hours of experimentation, I discover the following problem-
> > when I use the encrypted server key file and enter the passphrase in the
> > Apache startup console window, Apache does not respond to ANY requests at
> > all (HTTP or HTTPS).  However, when I create an unencrypted server key file,
> > all works perfectly!  The ONLY change between the two runs is to change the
> > filename in my SSLCertificateKeyFile directive.
> >
> This has been reported before. I assume you work on a Win32 (NT perhaps)
> platform. The odd thing is, you're supposed to type the pass phrase
> twice. Yes, it doesn't tell you to do so. Yes, you don't see it's
> waiting for you to do this. But that's really what's going on. If you
> look at the last line in the log that you sent, it says:
> "Init: Requesting pass phrase via builtin terminal dialog"
> It's waiting for you to type it a second time. That's why it appears to
> hang. Type it twice, and all will work fine. Or use a key with the
> passphrase removed. Or use a password program that will, when invoked by
> mod_ssl, tell it the password. See the FAQ for that. But do note that
> that too has some dark corners on Win32. I've managed to make it work
> only when running Apache with the -X option (single instance debug
> mode).
>
> Regards,
> Jan Dries
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
>
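
The behaviour discussed in this thread, as an added example that is not mod_ssl or OpenSSL code: a small model of a pass phrase read with a verify flag, showing why a single entry stalls when the flag is forwarded and succeeds when a single read is forced. It reads from an in-memory string (constructed input) instead of a terminal, and `next_line`, `read_pw`, `pphrase_cb` and `honour_flag` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Copy the next line of *in into buf and advance past it.
 * Returns -1 when the input is exhausted (on a real console: a silent wait). */
static int next_line(const char **in, char *buf, size_t size) {
    size_t len = strcspn(*in, "\n"), n;
    if (**in == '\0' || size == 0) return -1;
    n = len < size - 1 ? len : size - 1;
    memcpy(buf, *in, n);
    buf[n] = '\0';
    *in += len;
    if (**in == '\n') (*in)++;
    return 0;
}

/* Model of a read with a verify flag: 0 = ok, -1 = input ran out, 1 = mismatch. */
int read_pw(const char **in, char *buf, size_t size, int verify) {
    char again[128];   /* assumption: pass phrases shorter than 128 bytes */
    int rc = next_line(in, buf, size);
    if (rc == 0 && verify) {
        /* second read uses the same length cap as the first */
        if (next_line(in, again, size < sizeof again ? size : sizeof again) != 0) rc = -1;
        else if (strcmp(buf, again) != 0) rc = 1;
        memset(again, 0, sizeof again);   /* best-effort wipe of the copy */
    }
    if (rc != 0 && size > 0) memset(buf, 0, size);   /* hand back nothing on failure */
    return rc;
}

/* Hypothetical callback: the library passes ask_twice; honour_flag selects
 * between forwarding it (line 492 as quoted) and forcing a single read. */
int pphrase_cb(const char **in, char *buf, int size, int ask_twice, int honour_flag) {
    int rc = read_pw(in, buf, (size_t)size, honour_flag ? ask_twice : 0);
    return rc == 0 ? (int)strlen(buf) : -1;
}

int main(void) {
    char buf[64];
    const char *typed_once = "secret\n";   /* constructed input: one entry only */
    const char *a = typed_once, *b = typed_once;
    printf("flag forwarded: %d\n", pphrase_cb(&a, buf, (int)sizeof buf, 1, 1));
    printf("single read:    %d\n", pphrase_cb(&b, buf, (int)sizeof buf, 1, 0));
    return 0;
}
```

A confirmation read guards against typos when a new pass phrase is being chosen; when an existing key is being decrypted, a mistyped pass phrase already shows up as a decryption failure.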
