On 04/16/2014 08:45 AM, Kaspar Brand wrote:
On 14.04.2014 10:47, Jan Kaluža wrote:
On 04/12/2014 12:37 PM, Kaspar Brand wrote:
We can partly restore the argument structure for "exec"-type programs,
but effectively, lifting the limit of 2 (or 3) certs per SSL host means
that there's no longer a reliable way of determining if we are actually
loading an "RSA", "DSA", or "ECC" key when calling the
SSLPassPhraseDialog program.
It would be useful to have the same arguments as before, but if that's
not possible to do in all cases now, I would say just increasing the
arguments count won't help anything.
I'm attaching a cleaned up patch, which does it in a somewhat more
systematic way. If we apply this to 2.4.x, then we have at least
compatibility with existing configs and exec-type SSLPassPhraseDialog
programs.
Thank you very much! I've tested the patch and it works for me. I think
for the basic backward compatibility it would be really great to have
that in 2.4.x.
I have already asked the original reporter of this incompatibility, but
I have not received the answer yet. I will try to ask him again and will
write an email if I get the response this time.
My guess is that they are just using that second argument in the script
and since the argument is not here, the script is failing now. I don't
think it's used for anything more important than that, but I have no
clue right now.
For the sake of transparency/completeness, this is the bug report for
Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1084230
Anyway, would you merge your documentation patch with httpd-2.4 with the
mention it changed in 2.4.9?
I already did that with r1585902 (cf.
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslpassphrasedialog).
Great :).
Kaspar
Regards,
Jan Kaluza
