Not sure how all of you do it... but we got REALLY tired of having to
type the passphrase in every time we restarted pound. Sucks to have a
server waiting on a non-existent console for someone to type the
passphrase in also... hence...
Daniel Bidwell (a very good colleague of mine) had done some passphrase
file reading patches for sslwrap and working together we dropped them
into pound. (He did the brute work... I caught/fixed the mistakes :} )
So... in the interest of sharing (and hoping it makes it into the
standard distro so we can use standard debian packages :P ) I have
included the patch in this message as an attachment.
To apply it you need only do:
patch -p1 < passphrase_files.patch
(in your appropriate source directory)
The only configuration change that you can/need to apply is to edit your
pound.cfg and drop in where to find the passphrase file.
ie change:
ListenHTTPS 127.0.0.1,443 /etc/ssl/certs/blah.pem
to read:
ListenHTTPS 127.0.0.1,443 /etc/ssl/certs/blah.pem,/etc/ssl/certs/blah.ppfile
If you don't place a filename there it fails to open any file and hence
asks you for the passphrase just like normal. So NO NEED to change a
config file if you don't want this functionality.
We have been using this in our production environment for about 3 weeks
and it works great.
Questions... comments... feel free to ask :}
[...]
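Added example, not part of the original post or the patch: with the passphrase now stored on disk, the passphrase file is as sensitive as the private key, so this sketch parses the patched `cert,ppfile` syntax shown above and reports passphrase files that anyone other than the owner can access. The function names and the owner-only permission policy are assumptions made for this example.

```python
import os
import stat


def parse_listen_https(cfg_text):
    """Return [(cert_path, ppfile_or_None)] for each ListenHTTPS line.

    Assumes the patched syntax shown in the post: cert[,passphrase_file].
    """
    entries = []
    for line in cfg_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "ListenHTTPS":
            continue
        cert, _, ppfile = fields[2].partition(",")
        entries.append((cert, ppfile or None))
    return entries


def audit_ppfile(path):
    """Return a list of findings for one passphrase file (empty list = OK)."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_mode & 0o077:  # assumed policy: owner-only access
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"group/other access bits set (mode {mode:04o})")
    return findings


def audit_config(cfg_text):
    """Map each configured passphrase file to its findings."""
    return {pp: audit_ppfile(pp) for _, pp in parse_listen_https(cfg_text) if pp}


if __name__ == "__main__":
    # Constructed sample line, using the paths from the post.
    sample = ("ListenHTTPS 127.0.0.1,443 "
              "/etc/ssl/certs/blah.pem,/etc/ssl/certs/blah.ppfile\n")
    for path, findings in audit_config(sample).items():
        print(path, "OK" if not findings else "; ".join(findings))
```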