On 25/05/2013 2:32 a.m., Alex Rousskov wrote:
> Hello,
>
> The attached patch does not give SSL a password-asking callback if
> sslpassword_program is not configured. Without a callback, OpenSSL
> itself asks for the password (which works if Squid runs in foreground
> because of -N).
>
> The fix applies to Ssl::readCertChainAndPrivateKeyFromFiles() context
> only. This is not the only place where we read private keys. Some other
> places are working correctly, but others may need more work. Also,
> Ssl::readCertChainAndPrivateKeyFromFiles() may not really work if
> sslpassword_program _is_ configured because it will lack "user data" to
> record the password in.
>
> This change is for the better, and the reporter (on squid-users) says
> the patch solved his problem, but a complete fix needs
> investigation/testing and possibly more development. I am not
> volunteering for that additional work at this time.
>
Thank you.
+1. Halfway is better than nowhere at all.
Amos
Received on Fri May 24 2013 - 14:44:30 MDT