On Mon, Nov 09, 1998, Trung Tran-Duc wrote:

> On Mon, 09 Nov 1998 10:03:23 GMT,
>   Ralf S. Engelschall <[EMAIL PROTECTED]> wrote:
> 
> > [...]
> > This way we init SSLeay on every init under DSO/DLL situation but not under
> > Unix/non-DSO. And the pass phrase handling is done only on the first init.
> 
> Rhetorical question: what would happen if I change the mod_ssl config,
> the new private key file is encrypted with a _different_ pass phrase and
> I restart Apache? Of course Apache cannot regain the terminal to ask
> for the pass phrase. Is it correct? In this case will it fail or hang
> in reading from an invisible terminal?

No, it'll not hang because we don't cache the pass phrase.  We cache the
private key itself. So on restarts the private key (and certificate file) is
_NOT_ reloaded from disk. It's provided to SSLeay again, yes - but from the
cache. Because as we discussed some time ago, caching the pass phrase is more
a security problem than directly caching the private key (because SSLeay
caches the private key itself, too).

So we should not have any pass phrase handling problems here.

> > Can you verify that this code variant works under Win32, too?
> Yes.

Fine.
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
