On 04/16/2014 09:35 AM, Plüm, Rüdiger, Vodafone Group wrote:


-----Original Message-----
From: Jan Kaluža [mailto:[email protected]]
Sent: Wednesday, 16 April 2014 09:32
To: [email protected]
Subject: Re: svn commit: 1573360 - SSLPassPhraseDialog arguments changed in 2.4.x

On 04/16/2014 08:45 AM, Kaspar Brand wrote:
On 14.04.2014 10:47, Jan Kaluža wrote:
On 04/12/2014 12:37 PM, Kaspar Brand wrote:
We can partly restore the argument structure for "exec"-type programs,
but effectively, lifting the limit of 2 (or 3) certs per SSL host means
that there's no longer a reliable way of determining if we are actually
loading an "RSA", "DSA", or "ECC" key when calling the
SSLPassPhraseDialog program.

It would be useful to have the same arguments as before, but if that's
not possible to do in all cases now, I would say just increasing the
arguments count won't help anything.

I'm attaching a cleaned up patch, which does it in a somewhat more
systematic way. If we apply this to 2.4.x, then we have at least
compatibility with existing configs and exec-type SSLPassPhraseDialog
programs.

Thank you very much! I've tested the patch and it works for me. I think
for the basic backward compatibility it would be really great to have
that in 2.4.x.


Are we sure that ppcb_arg->key_id always contains a ':'?

I've checked that part of the patch and if I'm right, the key_id is only created by asn1_table_vhost_key(...) like this:

char *key = apr_psprintf(p, "%s:%d", id, i);

So this part should be OK.

Regards

Rüdiger


Regards,
Jan Kaluza
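
The question raised in this thread (does key_id always contain a ':'?) can also be answered defensively at the point where the string is split. The following is an added example, not part of the patch under discussion or of mod_ssl: split_key_id and key_id_index are hypothetical names, and splitting at the last ':' rests on the assumption that the id portion may itself contain colons.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not mod_ssl code): split "<id>:<index>" at the LAST
 * ':' so an id that itself contains colons still parses (assumption).
 * Returns 0 on success, -1 if key_id is malformed. */
int split_key_id(const char *key_id, char *id_out, size_t id_len, int *idx_out)
{
    const char *sep;
    char *end;
    long idx;
    size_t n;

    if (key_id == NULL || id_out == NULL || idx_out == NULL)
        return -1;
    sep = strrchr(key_id, ':');
    if (sep == NULL || sep == key_id)      /* no delimiter, or empty id */
        return -1;
    if (sep[1] < '0' || sep[1] > '9')      /* empty index, sign or space */
        return -1;
    errno = 0;
    idx = strtol(sep + 1, &end, 10);
    if (errno != 0 || *end != '\0' || idx > INT_MAX)
        return -1;                         /* overflow or trailing junk */
    n = (size_t)(sep - key_id);
    if (n >= id_len)                       /* id would not fit, refuse */
        return -1;
    memcpy(id_out, key_id, n);
    id_out[n] = '\0';
    *idx_out = (int)idx;
    return 0;
}

/* Convenience wrapper: the index, or -1 when key_id is malformed. */
int key_id_index(const char *key_id)
{
    char id[256];
    int idx;
    return split_key_id(key_id, id, sizeof(id), &idx) == 0 ? idx : -1;
}
```

A caller that treats -1 as a hard error never dereferences the result of a failed delimiter search, even if a later change introduces a second way of building key_id.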
