Re: [PATCH] Ask for SSL key password when started with -N but without sslpassword_program

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 24 May 2013 09:14:03 -0600

On 05/24/2013 08:44 AM, Amos Jeffries wrote:
> On 25/05/2013 2:32 a.m., Alex Rousskov wrote:
>> Hello,
>>
>> The attached patch does not give SSL a password-asking callback if
>> sslpassword_program is not configured. Without a callback, OpenSSL
>> itself asks for the password (which works if Squid runs in foreground
>> because of -N).
>>
>> The fix applies to Ssl::readCertChainAndPrivateKeyFromFiles() context
>> only. This is not the only place where we read private keys. Some other
>> places are working correctly, but others may need more work. Also,
>> Ssl::readCertChainAndPrivateKeyFromFiles() may not really work if
>> sslpassword_program _is_ configured because it will lack "user data" to
>> record the password in.
>>
>> This change is for the better, and the reporter (on squid-users) says
>> the patch solved his problem, but a complete fix needs
>> investigation/testing and possibly more development. I am not
>> volunteering for that additional work at this time.

> +1. Halfway is better than nowhere at all.

Yes, in this case. Committed to trunk as r12849.

Cheers,

Alex.
Received on Fri May 24 2013 - 15:14:04 MDT