On 25/05/2013 2:32 a.m., Alex Rousskov wrote:
Hello,

The attached patch does not give SSL a password-asking callback if sslpassword_program is not configured. Without a callback, OpenSSL itself asks for the password (which works if Squid runs in foreground because of -N).

The fix applies to Ssl::readCertChainAndPrivateKeyFromFiles() context only. This is not the only place where we read private keys. Some other places are working correctly, but others may need more work. Also, Ssl::readCertChainAndPrivateKeyFromFiles() may not really work if sslpassword_program _is_ configured because it will lack "user data" to record the password in.

This change is for the better, and the reporter (on squid-users) says the patch solved his problem, but a complete fix needs investigation/testing and possibly more development. I am not volunteering for that additional work at this time.
Thank you. +1. Halfway is better than nowhere at all.

Amos
