https://bugs.openldap.org/show_bug.cgi?id=8485
--- Comment #11 from ahnolds@gmail.com ---
(In reply to Howard Chu from comment #10)
> (In reply to Michael Ströder from comment #9)
> > I concur that lacking support for encrypted private keys is a real
> > deficiency!
> > In general OpenLDAP should aim to reach more flexibility for the TLS
> > configuration, e.g. like Apache httpd. Encrypted private keys for both
> > server and client side is one aspect of that.
>
> We have never needed to add explicit support, since OpenSSL prompted for
> a passphrase itself, when needed.
> https://www.openldap.org/lists/openldap-software/200210/msg00718.html

It prompts for the passphrase on the controlling terminal, which is only
helpful for command-line based applications. For any application run through a
GUI/web server/etc, there won't be any way for the user to enter the passphrase
as is. And in fact, the call to use the key will hang (forever IIRC) waiting
for a passphrase to be typed on the terminal.
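An added example, not part of the bug thread and not OpenLDAP code: one way an application without a controlling terminal can avoid the blocking prompt described in comment #11 is to register an OpenSSL passphrase callback before the key is loaded. `struct key_passphrase`, the function names and the `WITH_OPENSSL` build macro are hypothetical; `SSL_CTX_set_default_passwd_cb`, `SSL_CTX_set_default_passwd_cb_userdata` and `SSL_CTX_use_PrivateKey_file` are OpenSSL's own API.

```c
#include <string.h>

/* Hypothetical holder for a passphrase the application obtained itself
 * (GUI dialog, secrets store, protected file); not an OpenLDAP type. */
struct key_passphrase {
    const char *secret;   /* NUL-terminated passphrase, or NULL if none */
};

/* Matches OpenSSL's pem_password_cb signature. Once registered, OpenSSL
 * calls this instead of prompting on the controlling terminal when a PEM
 * private key is encrypted. Returns the passphrase length, or -1 so the
 * key load fails immediately rather than waiting for input. */
int noninteractive_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    const struct key_passphrase *kp = userdata;
    size_t len;

    (void)rwflag;                      /* 0 = decrypting, 1 = encrypting */
    if (kp == NULL || kp->secret == NULL || buf == NULL || size <= 0)
        return -1;                     /* nothing to offer: fail, never prompt */

    len = strlen(kp->secret);
    if (len > (size_t)size)
        return -1;                     /* refuse to truncate silently */

    memcpy(buf, kp->secret, len);      /* OpenSSL uses the returned length */
    return (int)len;
}

#ifdef WITH_OPENSSL                    /* build: -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>

/* Register the callback before loading the key so the load cannot block.
 * Returns 1 on success, 0 if the key could not be loaded or decrypted. */
int load_encrypted_key(SSL_CTX *ctx, const char *keyfile,
                       struct key_passphrase *kp)
{
    SSL_CTX_set_default_passwd_cb(ctx, noninteractive_passwd_cb);
    SSL_CTX_set_default_passwd_cb_userdata(ctx, kp);
    return SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) == 1;
}
#endif
```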