On Mar 25, 2015, at 1:47 PM, Emilien Kia <[email protected]> wrote: > What I will do is to move ssl initializing after usering and forking, than > add key file right checking where ssl was initialized before (before forking). > As keys should be owned by nut user, this would not be a problem. > And moving this code, independently of SSL implementation (OpenSSL or NSS) > should work. And will not add more code implementation dependent. > > Charles, Arnaud ? Ok with that ?
It is disappointing that NSS cannot easily handle forking - I typically set up Apache+OpenSSL to read the key before dropping root privileges, and it would be nice if NUT could do something similar. But it sounds complicated (I briefly looked at the osdir mailing list thread), and with keys stored in memory either way, you might as well initialize after forking. -- Charles Lepple clepple@gmail
_______________________________________________ Nut-upsuser mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
