https://bugs.openldap.org/show_bug.cgi?id=8485
--- Comment #11 from ahnolds@gmail.com ---
(In reply to Howard Chu from comment #10)
> (In reply to Michael Ströder from comment #9)
> > I concur that lacking support for encrypted private keys is a real deficiency!
> > In general OpenLDAP should aim to reach more flexibility for the TLS configuration, e.g. like Apache httpd. Encrypted private keys for both server and client side is one aspect of that.
>
> We have never needed to add explicit support, since OpenSSL prompted for a passphrase itself, when needed.
> https://www.openldap.org/lists/openldap-software/200210/msg00718.html

It prompts for the passphrase on the controlling terminal, which is only helpful for command-line based applications. For any application run through a GUI/web server/etc, there won't be any way for the user to enter the passphrase as is. And in fact, the call to use the key will hang (forever IIRC) waiting for a passphrase to be typed on the terminal.
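
An added illustration, not code from OpenLDAP or from this thread: Python's `ssl` module wraps the same OpenSSL key loader and likewise falls back to OpenSSL's interactive prompt when no password is supplied, so it shows the non-interactive alternative compactly. The `passphrase_source` hook and the status strings are assumptions, and the key pair is throwaway material generated with the `openssl` command-line tool, which must be installed.

```python
import os
import ssl
import subprocess
import tempfile


def make_encrypted_keypair(workdir, passphrase):
    """Constructed test material: self-signed cert plus passphrase-protected key."""
    key, cert = os.path.join(workdir, "key.pem"), os.path.join(workdir, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-days", "1",
         "-subj", "/CN=example.invalid", "-keyout", key, "-out", cert,
         "-passout", "pass:" + passphrase],
        check=True, stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return cert, key


class NoPassphrase(Exception):
    """Raised by the callback when no passphrase source is configured."""


def load_key(cert, key, passphrase_source):
    """Load an encrypted key without ever reaching OpenSSL's terminal prompt.

    passphrase_source is a hypothetical hook (config, secret store, GUI dialog)
    returning bytes, or None when nothing is available.
    """
    def callback():
        secret = passphrase_source()
        if secret is None:
            raise NoPassphrase()  # fail fast instead of blocking on a tty
        return secret

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Always passing password= keeps OpenSSL's built-in prompt out of the path.
        ctx.load_cert_chain(cert, key, password=callback)
    except NoPassphrase:
        return "no-passphrase"
    except ssl.SSLError:
        return "bad-passphrase"
    return "loaded"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_encrypted_keypair(d, "constructed-passphrase")
        for source in (lambda: b"constructed-passphrase", lambda: b"wrong", lambda: None):
            print(load_key(cert, key, source))
```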