https://bugs.openldap.org/show_bug.cgi?id=8485
--- Comment #11 from [email protected] <[email protected]> ---
(In reply to Howard Chu from comment #10)
> (In reply to Michael Ströder from comment #9)
> > I concur that lacking support for encrypted private keys is a real
> > deficiency!
> >
> > In general OpenLDAP should aim to reach more flexibility for the TLS
> > configuration, e.g. like Apache httpd. Encrypted private keys for both
> > server and client side is one aspect of that.
>
> We have never needed to add explicit support, since OpenSSL prompted for
> a passphrase itself, when needed.
>
> https://www.openldap.org/lists/openldap-software/200210/msg00718.html

It prompts for the passphrase on the controlling terminal, which is only helpful for command-line based applications. For any application run through a GUI/web server/etc, there won't be any way for the user to enter the passphrase as is. And in fact, the call to use the key will hang (forever IIRC) waiting for a passphrase to be typed on the terminal.
