Re: httpd violates pledge with passworded private key

2017-06-10 Thread Ted Unangst
Joel Sing wrote:
> > tls_configure_keypair() -> return EWANTSPASSWORD -> application decides how
> > to proceed, possibly asking for password, calls
> > tls_configure_keypair_this_time_with_password().
>
> I'm not sure that I'd consider that sane. We already have tls_load_file() for
> this

Re: httpd violates pledge with passworded private key

2017-06-10 Thread Joel Sing
On Wednesday 07 June 2017 14:06:42 Ted Unangst wrote:
> Jonathan Gray wrote:
> > when using a server.key with a passphrase, ie
> >
> >
> > ) at /usr/src/lib/libc/stdio/fopen.c:54
> > #3 0x022b2d92d26f in open_console (ui=Variable "ui" is not available.
> > ) at

Re: httpd violates pledge with passworded private key

2017-06-07 Thread Ted Unangst
Jonathan Gray wrote:
> when using a server.key with a passphrase, ie
> ) at /usr/src/lib/libc/stdio/fopen.c:54
> #3 0x022b2d92d26f in open_console (ui=Variable "ui" is not available.
> ) at /usr/src/lib/libcrypto/ui/ui_openssl.c:304
> #6 0x022b2d9dc018 in PEM_def_callback
> ) at

Re: httpd violates pledge with passworded private key

2017-06-07 Thread Reyk Floeter
> On 06.06.2017 at 22:41, Florian Obser wrote:
>
>> On Tue, Jun 06, 2017 at 09:18:25PM +1000, Jonathan Gray wrote:
>> when using a server.key with a passphrase, ie
>>
>> openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
>>
>> server "default" {
>>listen on

Re: httpd violates pledge with passworded private key

2017-06-07 Thread Sebastien Marie
On Tue, Jun 06, 2017 at 08:41:04PM +, Florian Obser wrote:
> On Tue, Jun 06, 2017 at 09:18:25PM +1000, Jonathan Gray wrote:
> > when using a server.key with a passphrase, ie
> >
> > openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
> >
> > server "default" {
> > listen on *

Re: httpd violates pledge with passworded private key

2017-06-06 Thread Florian Obser
On Tue, Jun 06, 2017 at 09:18:25PM +1000, Jonathan Gray wrote:
> when using a server.key with a passphrase, ie
>
> openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
>
> server "default" {
> listen on * port 80
> listen on * tls port 443
> directory { auto index }
> }

httpd violates pledge with passworded private key

2017-06-06 Thread Jonathan Gray
when using a server.key with a passphrase, ie

openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048

server "default" {
	listen on * port 80
	listen on * tls port 443
	directory { auto index }
}

types {
	include "/usr/share/misc/mime.types"
	text/plain