On 04.04.2014 12:22, Jan Kaluža wrote: > commit 1553824 (1573360 in 2.4.x) breaks the compatibility in arguments > passed to "exec:/path/to/program" pass phrase program. This should be > clear from the following part of mentioned commit(s): > > - argv[1] = cpVHostID; > - argv[2] = cpAlgoType; > - argv[3] = NULL; > + argv[1] = ppcb_arg->key_id; > + argv[2] = NULL; > > Was this change intentional in trunk?
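Review bot: argv[2] changes from cpAlgoType to NULL in this hunk, so an exec: pass phrase program that reads a second argument now receives none, and argv[1] changes source from cpVHostID to ppcb_arg->key_id. The change should ship with the matching SSLPassPhraseDialog documentation update and a changelog entry stating the new calling form, so that existing programs can be adapted before an upgrade.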
Yes, it's a consequence of no longer using a "keys" array which was indexed by ssl_algo_t (see e.g. [1] for the overall motivation for r1553824).

> If yes, I will document this,
> because the change of mod_ssl documentation was not part of this patch.

My bad, I missed this in the docs for SSLPassPhraseDialog. I just updated it in trunk with r1585045.

> However, I think this should not be accepted in 2.4.x branch, because it
> breaks compatibility with external pass phrase programs in the stable
> branch without any reason.

In 2.4.8 and later, the limit with the three named algorithms (RSA/DSA/ECC) is gone, so there isn't a useful replacement for the second argument (we could split off the "index" from the "servername:port:index", though that doesn't make it more backwards compatible with existing SSLPassPhraseDialog programs, most likely).

Can you provide more information about the specific script/program (and what is causing the incompatibility)? This would help in getting a better understanding of the problem, I think.

Kaspar

[1] https://mail-archives.apache.org/mod_mbox/httpd-dev/201310.mbox/%[email protected]%3E
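A pass phrase program that has to work on both sides of this change can accept either calling form and refuse everything else. The following is an added example, not code from httpd or from this thread; the function name `parse_key_args`, the character allow-list and the old first-argument form `servername:port` are assumptions.

```shell
#!/bin/sh
# Added example (not httpd code); any inputs shown are constructed.
# Old calling form: $1 = servername:port        $2 = RSA|DSA|ECC
# New calling form: $1 = servername:port:index  (no second argument)
# parse_key_args prints "host port selector", or returns 1 on anything else.
parse_key_args() {
    id=${1-}
    algo=${2-}
    # Allow only hostname characters, digits and ':'. The result may later
    # select a secret, so '/' and shell metacharacters are refused outright.
    case $id in
        *[!A-Za-z0-9.:_-]*) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    host=${id%%:*}
    rest=${id#*:}
    case $rest in
        *:*:*) return 1 ;;                    # too many fields
        *:*)   port=${rest%%:*}               # new form: port:index
               sel=${rest#*:}
               case $sel in ''|*[!0-9]*) return 1 ;; esac ;;
        *)     port=$rest                     # old form: algorithm in $2
               case $algo in RSA|DSA|ECC) sel=$algo ;; *) return 1 ;; esac ;;
    esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    # Refuse empty hosts and hosts starting with '.' or '-'.
    case $host in ''|.*|-*) return 1 ;; esac
    printf '%s %s %s\n' "$host" "$port" "$sel"
}

# When called with arguments (as mod_ssl would), report the normalised tuple.
# A real helper would use it to pick the pass phrase and print that instead.
if [ "$#" -gt 0 ]; then
    parse_key_args "$@" || { echo "unrecognised arguments" >&2; exit 1; }
fi
```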
