[Net-ssleay-devel] Re: Net::SSLeay and PEM file passwords

Jamie Cameron jcameron at webmin.com
Fri Aug 4 22:03:25 CEST 2006


On 4/Aug/2006 13:26 sampo at symlabs.com wrote ..
> Jamie Cameron writes:
> > Hi Sampo,
> 
> I am no longer the maintainer of Net::SSLeay. Mike and Florian
> are nowadays in charge and have set up a support mailing list
> which I have Cc'd. Please forward further discussion there.
> 
> > I'm the author of Webmin, which is a web-based admin interface written
> > in Perl, which uses your Net::SSLeay module for SSL encryption. I was
> > recently asked by a user if there is any way to read a PEM file for
> > use as an SSL certificate if it is protected by a passphrase, without
> > the user having to enter it at startup time.
> 
> OpenSSL supports interactive entry of a password from the console. This
> works with Net::SSLeay as well.
> 
> However, most servers will need to boot without interaction. Net::SSLeay
> does not support any (easy) way of automatically supplying a password.
> Supporting such a method would be madness anyway: you get an equivalent level
> of security by not encrypting your private key and simply relying on
> carefully crafted Unix filesystem permissions to protect it.

Yes, I know .. however, some users have existing password-protected certs
that they want to use with my Webmin Net::SSLeay based server.
 
> I believe OpenSSL.org FAQ discusses this dilemma and explains how
> to remove password protection from the private key, should it have any.

Ok .. thanks for the information. That sounds like the best solution to the problem.

 - Jamie
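
Added example (not part of the original message, and not code from Net::SSLeay, Webmin or OpenSSL): one way to carry out the approach discussed in this thread, removing the passphrase from a PEM private key and protecting the result with owner-only file permissions. The function names, the `KEY_PASS` variable and the throwaway key generated by `demo` are assumptions made for illustration; `openssl pkey` is used so that key types other than RSA are handled as well.

```shell
#!/bin/sh
# Added example: strip the passphrase from a PEM private key and leave the
# result readable by its owner only. Function names are hypothetical.

# key_is_encrypted FILE: succeeds if the PEM key is passphrase-protected.
# Matches the traditional form ("Proc-Type: 4,ENCRYPTED") and the PKCS#8
# form ("BEGIN ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# strip_passphrase SRC DST [PASSIN]
# PASSIN is an openssl pass phrase source such as env:KEY_PASS; without it
# openssl prompts on the terminal.
strip_passphrase() {
    src=$1; dst=$2; passin=${3:-}
    old_umask=$(umask)
    umask 077    # DST is created without group/other access
    if [ -n "$passin" ]; then
        openssl pkey -in "$src" -passin "$passin" -out "$dst"
    else
        openssl pkey -in "$src" -out "$dst"
    fi
    rc=$?
    umask "$old_umask"
    # On failure (for example a wrong passphrase) leave no partial file behind.
    [ "$rc" -eq 0 ] || { rm -f "$dst"; return "$rc"; }
    chmod 600 "$dst"
}

# demo: run the procedure on a constructed throwaway key in a temp directory.
demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$DEMO_DIR/enc.pem" 2048 2>/dev/null || return 1
    strip_passphrase "$DEMO_DIR/enc.pem" "$DEMO_DIR/plain.pem" env:KEY_PASS || return 1
    for f in enc.pem plain.pem; do
        if key_is_encrypted "$DEMO_DIR/$f"; then state=encrypted; else state=plaintext; fi
        echo "$f: $state, mode $(ls -l "$DEMO_DIR/$f" | cut -c1-10)"
    done
}
```

Source the file and call `demo` to see the before and after state; for a real key, call `strip_passphrase` without the third argument so the passphrase is typed at the prompt rather than stored anywhere.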


