I have problems making S/MIME work with RT 4.2.7
My environment consists of Debian testing, RT 4.2.7, Apache 2.4.10,
mod_perl 2.0.9
In /lib/RT/Crypt/SMIME.pm, when trying to send a signed message, RT
reads the passphrase from the config file correctly (tested), and sets
it in $ENV{'SMIME_PASS'}.
However, when calling openssl with safe_run_child(run3()), the openssl
process cannot find the environment variable:
---------------------------------------------------------------------------------------------------------------------
[13565] [Thu Oct 30 09:05:26 2014] [debug]: openssl command:
/usr/bin/openssl smime -sign -signer .pem -inkey .pem -passin
env:SMIME_PASS|/usr/bin/openssl smime -encrypt -des3 /tmp/NVTeGADmSO
(/usr/local/share/request-tracker4/lib/RT/Crypt/SMIME.pm:383)
[13565] [Thu Oct 30 09:05:26 2014] [debug]: openssl stderr: Can't read
environment variable SMIME_PASS Error getting password unable to write
'random state' (/usr/local/share/request-tracker4/lib/RT/Crypt/SMIME.pm:384)
----------------------------------------------------------------------------------------------------------------------
I think the underlying reason is that mod_perl by default don't pass
%ENV to child processes unless they are specifically stated in the
site configuration:
- http://search.cpan.org/~gozer/mod_perl-1.31/mod_perl.pod#ENVIRONMENT
- http://mail-archives.apache.org/mod_mbox/perl-modperl/200808.mbox/%3C5CAFF755525FC5418CCF35FAEB2683BE12A319F4@njpcmg1exms305.leh.lbcorp.lehman.com%3E
Anyone knows if this works with FastCGI or other web server different
from Apache?
What would be a (secure) alternative for passing the passphrase to
openssl? STDIN? another file descriptor?
Thank you in advance.
Marcos.
--
RT Training - November 4-5 Los Angeles
http://bestpractical.com/training
My environment consists of Debian testing, RT 4.2.7, Apache 2.4.10,
mod_perl 2.0.9
In /lib/RT/Crypt/SMIME.pm, when trying to send a signed message, RT
reads the passphrase from the config file correctly (tested), and sets
it in $ENV{'SMIME_PASS'}.
However, when calling openssl with safe_run_child(run3()), the openssl
process cannot find the environment variable:
---------------------------------------------------------------------------------------------------------------------
[13565] [Thu Oct 30 09:05:26 2014] [debug]: openssl command:
/usr/bin/openssl smime -sign -signer .pem -inkey .pem -passin
env:SMIME_PASS|/usr/bin/openssl smime -encrypt -des3 /tmp/NVTeGADmSO
(/usr/local/share/request-tracker4/lib/RT/Crypt/SMIME.pm:383)
[13565] [Thu Oct 30 09:05:26 2014] [debug]: openssl stderr: Can't read
environment variable SMIME_PASS Error getting password unable to write
'random state' (/usr/local/share/request-tracker4/lib/RT/Crypt/SMIME.pm:384)
----------------------------------------------------------------------------------------------------------------------
I think the underlying reason is that mod_perl by default don't pass
%ENV to child processes unless they are specifically stated in the
site configuration:
- http://search.cpan.org/~gozer/mod_perl-1.31/mod_perl.pod#ENVIRONMENT
- http://mail-archives.apache.org/mod_mbox/perl-modperl/200808.mbox/%3C5CAFF755525FC5418CCF35FAEB2683BE12A319F4@njpcmg1exms305.leh.lbcorp.lehman.com%3E
Anyone knows if this works with FastCGI or other web server different
from Apache?
What would be a (secure) alternative for passing the passphrase to
openssl? STDIN? another file descriptor?
Thank you in advance.
Marcos.
--
RT Training - November 4-5 Los Angeles
http://bestpractical.com/training