On Sat, Jul 03, 1999, David Harris wrote:

> I have the same problem on my server. I'm running mod_ssl-2.3.5-1.3.6.
> (Additionally, mod_ssl-2.1.6-1.3.3 appears to have the same problem.) Whenever
> I give the server a graceful restart request and have added a new certificate
> or key, the restart bombs with the "Ops, no RSA or DSA server certificate
> found?!" error message from pkg.sslmod/ssl_engine_init.c function
> ssl_init_GetCertAndKey() about line 550.

Ahhhh.... WAIT! Then it's clear, this cannot work: When you add or remove a
cert from the config, you need a complete stop/start of the server, of course,
because mod_ssl caches (and has to cache) all certificates and keys on
startup. When you add an additional private key which is encrypted, how should
mod_ssl ask you for the pass phrase on restarts (where Apache is already
detached from the terminal!)? You see it? That's why you can't change
certs/keys and just use a restart. But it seems like I should add a special error
message for this situation and add an entry to the FAQ...

> [...]
> The solution would be to check for any new certificate and key files to be read
> on the module initializations caused by graceful restarts. Of course, the
> passphrase prompt would have to be disabled for this read, but that's not
> really a problem.

Oh, this is a problem, because how else should the pass phrase be read?

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
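
A pre-restart check for the situation discussed in this thread, as an added example that is not part of the original messages or of mod_ssl: it compares the SSLCertificateFile/SSLCertificateKeyFile directives in the config the server was last fully started with against the current config, and reports whether a graceful restart is enough or a complete stop/start (with a terminal for the pass phrase) is needed. The function names, file paths and sample configs are constructed for illustration.

```python
import re

# Directives naming the certificate and private-key files mod_ssl caches at startup.
DIRECTIVE = re.compile(
    r'^[ \t]*(SSLCertificateFile|SSLCertificateKeyFile)[ \t]+"?([^"\s]+)"?[ \t]*$',
    re.IGNORECASE | re.MULTILINE)

def ssl_files(conf_text):
    """Set of (directive, path) pairs; commented-out lines do not match."""
    return {(m.group(1).lower(), m.group(2)) for m in DIRECTIVE.finditer(conf_text)}

def key_is_encrypted(pem_text):
    """True for a traditional OpenSSL encrypted PEM key or an encrypted PKCS#8 key."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text)

def restart_plan(conf_at_start, conf_now, read_file):
    """Return (action, new_keys_needing_pass_phrase).

    action is "graceful" when the cert/key directives are unchanged since the
    last full start, otherwise "stop-start". read_file(path) returns PEM text.
    """
    before, after = ssl_files(conf_at_start), ssl_files(conf_now)
    if before == after:
        return ("graceful", [])
    new_keys = sorted(p for d, p in after - before if d == "sslcertificatekeyfile")
    return ("stop-start", [p for p in new_keys if key_is_encrypted(read_file(p))])

# Constructed sample input: config snapshot at last full start, and edited config.
CONF_AT_START = """<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/ssl/a.crt
SSLCertificateKeyFile /etc/ssl/a.key
</VirtualHost>
"""
CONF_NOW = CONF_AT_START + """<VirtualHost 192.0.2.10:443>
SSLCertificateFile /etc/ssl/b.crt
SSLCertificateKeyFile /etc/ssl/b.key
# SSLCertificateKeyFile /etc/ssl/old.key
</VirtualHost>
"""
# Constructed PEM stub: header lines only, no key material.
FILES = {"/etc/ssl/b.key": "-----BEGIN RSA PRIVATE KEY-----\n"
                           "Proc-Type: 4,ENCRYPTED\n"
                           "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
                           "-----END RSA PRIVATE KEY-----\n"}

if __name__ == "__main__":
    print(restart_plan(CONF_AT_START, CONF_NOW, FILES.__getitem__))
```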
