switch to ptemp pool for ssl_pphrase_Handle

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93894 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 8a8ab0acd3fea391afd6bd2b885fb24f081ad63a..602c18204ce6f25d4bb309b772969bae1df470dc 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -268,7 +268,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
      */
     ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: ");
 
-    ssl_pphrase_Handle(base_server, p);
+    /*
+     * read server private keys/public certs into memory.
+     * decrypting any encrypted keys via configured SSLPassPhraseDialogs
+     * anything that needs to live longer than ptemp needs to also survive
+     * restarts, in which case they'll live inside s->process->pool.
+     */
+    ssl_pphrase_Handle(base_server, ptemp);
 
     ssl_tmp_keys_init(base_server);
 

diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index cd8d77b35ef4dc80af36c0128a81ed60a7b42d68..56237c0658f087614c47d9b02f86aa98e5869d89 100644 (file)
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -109,7 +109,7 @@ static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool, apr_time_
 static char *asn1_table_vhost_key(SSLModConfigRec *mc, apr_pool_t *p,
                                   char *id, char *an)
 {
-    /* 'p' pool used here is cleared on restarts */
+    /* 'p' pool used here is cleared on restarts (or sooner) */
     char *key = apr_psprintf(p, "%s:%s", id, an);
     void *keyptr = apr_hash_get(mc->tVHostKeys, key,
                                 APR_HASH_KEY_STRING);