On Fri, Jun 12, 2009 at 11:56 AM, Daniel Stenberg<daniel@xxxxxxx> wrote: > On Fri, 12 Jun 2009, Nanako Shiraishi wrote: > >> It would be ideal if you can inspect the certificate and decide if you >> need to ask for decrypting password before using it (and otherwise you don't >> ask). If you can't do that, probably you can introduce a config var that >> says "this certificate is encrypted", and bypass your new code if that >> config var isn't set. > > Is this really a common setup? Using an unencrypted private key sounds like > a really bad security situation to me. The certificate is never encrupted, > the passphrase is for the key. > For SSH using unencrypted private key is very common for scripting and cron jobs. For HTTPS situation looks like being worse since there is no analog of ssh-agent that covers at least some of scripting scenarios. Do we want to disable scripting for HTTPS? Constantine -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html