reuse existing private key if possible for all SSLPassPhraseDialog

types, not just builtin.  on win32 for example, a pipe dialog might
allocate a wintty for prompting, which results in 4 prompts at
startup, 2 for each child and 2 within each when httpd "restarts
itself".
update comments on this and wrap them a bit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93679 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index 98cdad356e77e40797184fcac421c7caf75a53e9..f1d6b7b17566d221710f957365ec1ae01c4216b5 100644 (file)
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -299,17 +299,26 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 }
 
                 /*
-                 * if the private key is encrypted and SSLPassPhraseDialog is configured to "builtin"
-                 * it isn't possible to prompt for a password.  in this case if we already have a
-                 * private key and the file name/mtime hasn't changed, then reuse the existing key.
-                 * of course this will not work if the server was started without LoadModule ssl_module
-                 * configured, then restarted with it configured.  but we fall through with a chance of
-                 * success if the key is not encrypted.  and in the case of fallthrough, pkey_mtime and
-                 * isatty() are used to give a better idea as to what failed.
-                 * even if we could prompt for password again, users won't like getting prompted twice
-                 * at startup.
+                 * if the private key is encrypted and SSLPassPhraseDialog
+                 * is configured to "builtin" it isn't possible to prompt for
+                 * a password after httpd has detached from the tty.
+                 * in this case if we already have a private key and the
+                 * file name/mtime hasn't changed, then reuse the existing key.
+                 * we also reuse existing private keys that were encrypted for
+                 * exec: and pipe: dialogs to minimize chances to snoop the
+                 * password.  that and pipe: dialogs might prompt the user
+                 * for password, which on win32 for example could happen 4
+                 * times at startup.  twice for each child and twice within
+                 * each since apache "restarts itself" on startup.
+                 * of course this will not work for the builtin dialog if
+                 * the server was started without LoadModule ssl_module
+                 * configured, then restarted with it configured.
+                 * but we fall through with a chance of success if the key
+                 * is not encrypted or can be handled via exec or pipe dialog.
+                 * and in the case of fallthrough, pkey_mtime and isatty()
+                 * are used to give a better idea as to what failed.
                  */
-                if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
+                if (pkey_mtime) {
                     char *key_id = apr_psprintf(p, "%s:%s", cpVHostID, "RSA"); /* XXX: check for DSA key too? */
                     ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id);