https://bz.apache.org/bugzilla/show_bug.cgi?id=63924
Bug ID: 63924
Summary: SSLProxyMachineKeyFile
Product: Apache httpd-2
Version: 2.4-HEAD
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
The mod_ssl module is missing an SSLProxyMachineKeyFile option.
Currently you are forced to add the secret key to the certificate file. This is
problematic for three reasons:
- Combining public and secret data in one file can lead to involuntary exposure
of the secret data, e.g. when someone asks for the certificate and gets blindly
forwarded the certificate file without someone checking first if it also
contains a secret key. Another example is limited to Unix systems where it can
happen that the combination file does not get restrictive enough file
permissions (0444 instead of 0400).
- Certificate and secret key do change on separate occasions and would always
require either a file edit or a compile action to produce the correct file.
- Easy reuse of data used to configure the web server is not possible; you have
to compile an additional file that combines secret key and certificate.
So in principle the same reasons as for SSLCertificateKeyFile apply.
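An audit for the two exposure cases the report describes (a PEM file that holds both certificate and private key, and a key-bearing file with permissions wider than 0400), as an added example that is not part of the bug report or of httpd. The function names, file names and PEM bodies are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# PEM labels for PKCS#8, encrypted PKCS#8 and legacy RSA/EC/DSA private keys.
KEY_RE = re.compile(r"-----BEGIN (?:(?:RSA|EC|DSA|ENCRYPTED) )?PRIVATE KEY-----")
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----")


def audit_pem(path):
    """Return findings for one PEM file; an empty list means nothing to flag."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    has_key = bool(KEY_RE.search(text))
    findings = []
    if has_key and CERT_RE.search(text):
        findings.append("combined: certificate and private key in one file")
    if has_key and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("permissions: key accessible beyond owner (mode %04o)" % mode)
    return findings


def demo():
    """Audit constructed sample files; the PEM bodies are placeholders, not real keys."""
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    samples = {
        "combined_0444": (cert + key, 0o444),
        "combined_0400": (cert + key, 0o400),
        "cert_only_0444": (cert, 0o444),
        "key_only_0400": (key, 0o400),
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (body, mode) in samples.items():
            path = os.path.join(d, name + ".pem")
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_pem(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

A world-readable certificate-only file produces no finding, which is the separation the requested option would allow: the certificate can be shared freely while the key stays in its own 0400 file.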