Am 31.01.2014 17:24, schrieb James Peach: > On Jan 31, 2014, at 4:52 AM, Reindl Harald <[email protected]> wrote: > >> one small issue with ssl-certs: >> they must be readable by the ats-user >> >> httpd reads them at startup before downgrade uid/gid >> the benefit is that they can have chmod 400 and owned by root >> in case of a security relevant bug that may prevent leaks > > https://issues.apache.org/jira/browse/TS-2353 > https://issues.apache.org/jira/browse/TS-612 > > Ron Barber has been working on this for 4.2 and I expect that we will land > these changes soon. In the longer terms I'd like to support the Linux kernel > key management API, which I believe will give you better options for > controlling access to keys.
have i said often enough "thank you" for such a responsible upstream project like ATS?
signature.asc
Description: OpenPGP digital signature
