Bugfix for SSLPassPhraseDialog exec: on Win32

[Kirk Benson]

There are a couple of problems with using the SSLPassPhraseDialog
exec:[path] on Apache Win32.  There is a simple source fix for on of them,
and a workaround for the other.

Problems defined:

The full executable path is formed by taking the path specified by the
SSLPassPhraseDialog, and if it is not an absolute path preprending the
ServerRoot path.  However, NT paths allow spaces in directory names (e.g.,
"Program Files").  Assuming that httpd.conf contains:

 SSLPassPhraseDialog  exec:bin/pwfilter1.exe

and that Server root is "f:\program files\OpenSA\Apache", then the
executable pathname will be "f:\program
files\OpenSA\Apache\bin/pwfilter1.exe".  At the end of all processsing, the
command string passed to CreateProcess is

  CMD /C f:\program files\OpenSA\Apache\bin/pwfilter1.exe 

However, this fails because of the space in 'program files'.  The solution
is to modify file ssl_engine_pphrase.c, line 526 (2.6.3 release) from:

cmd = ap_psprintf(p, "%s %s %s", sc->szPassPhraseDialogPath,
cpVHostID, cpAlgoType);

to

cmd = ap_psprintf(p, "\"%s\" %s %s", sc->szPassPhraseDialogPath,
cpVHostID, cpAlgoType);

This encloses the path in "" such that the spawned process is:

  CMD /C "f:\program files\OpenSA\Apache\bin/pwfilter1.exe" 

I have verified that this works for the configuration defined above.

However, there still exists a problem where the passphrase filter path is to
be defined as absolute rather than relative to ServerRoot.  The parsing of
the SSLPassPhraseDialog directive does not recognize valid Win32 paths, nor
does it allow enclosure of the path with quotes.  Therefore it is impossible
to specify an executable located on another drive letter or one that
contains spaces.

regards
Kirk
gee, I'm a real apache hacker these days 8-P


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Bugfix for SSLPassPhraseDialog exec: on Win32

[Kirk Benson]

Further testing/debugging shows that my previous bug fix will also work for
paths containing spaces.  The "trick" is to enclose the entire
SSLPassPhraseDialog parameter in double-quotes.  Thus, the following
succeeds:

SSLPassPhraseDialog  "exec:f:/program files/opensa/apache/bin/pwfilter1.exe"

While

SSLPassPhraseDialog  exec:"f:/program files/opensa/apache/bin/pwfilter1.exe"

does not.

It may be useful to include this in the faq or the mod_ssl reference.

cheers
Kirk

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Bugfix for SSLPassPhraseDialog exec: on Win32

[Ralf S. Engelschall]

On Thu, May 11, 2000, Kirk Benson wrote:

> There are a couple of problems with using the SSLPassPhraseDialog
> exec:[path] on Apache Win32.  There is a simple source fix for on of them,
> and a workaround for the other.
> [...]

I've fixed this now with the suggested quotes for mod_ssl 2.6.5.
Thanks for your feedback.

> [..]
> However, there still exists a problem where the passphrase filter path is to
> be defined as absolute rather than relative to ServerRoot.  The parsing of
> the SSLPassPhraseDialog directive does not recognize valid Win32 paths, nor
> does it allow enclosure of the path with quotes.  Therefore it is impossible
> to specify an executable located on another drive letter or one that
> contains spaces.

Hmmm... this then is a problem with Apache's ap_server_root_relative()
function, I think. Because mod_ssl doesn't try to parse the path AFAIK.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]