On Fri, 14 May 1999, Ralf S. Engelschall wrote:
> On Fri, May 14, 1999, Robert Read wrote:
>
> > Red Hat 5.2, apache 1.3.6, mod-ssl 2.2.8-1.3.6, and openssl 0.9.2b. When
> > a bad pass phrase is entered using the default handler, apache seg faults.
> > I've added enough ssl_logs to see that the seg fault happens in
> > ssl_pphrase_Handle() during the call SSL_read_RSAPrivateKey() at some
> > point after ssl_pphrase_Handle_CB returns.
> > [...]
>
> Hmmm... strange. I've never observed this myself nor heard from segfault
> related to the pass phrase dialog. And I cannot see an obvious programming
> mistake inside ssl_engine_pphrase.c. So my questions are:
>
> 1. is any DSO part of the game?
Yes. mod_ssl is a DSO.
> When yes, have you compiled OpenSSL with -fpic?
Not originally, but I just remade everthing and it didn't help.
> 2. does OpenSSL already pass it's "make test"?
Yes. (before and after adding -fpic.)
> 3. can you correctly read the key via
> "openssl rsa -noout -text -in server.key"?
Yes. It correctly handles an incorrect pass phrase:
# openssl rsa -noout -text -in ssl.key/rr-key.pem
read RSA private key
Enter PEM pass phrase:
unable to load Private Key
21453:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:275:
21453:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:403:
Apache works when all my keys use the same pass phrase and I enter the
pass phrase correctly, which is a reasonable workaround.
robert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
