Constantine Plotnikov <constantine.plotnikov@xxxxxxxxx> writes:

> On Fri, Jun 12, 2009 at 11:56 AM, Daniel Stenberg<daniel@xxxxxxx> wrote:
>> On Fri, 12 Jun 2009, Nanako Shiraishi wrote:
>>
>>> It would be ideal if you can inspect the certificate and decide if you
>>> need to ask for decrypting password before using it (and otherwise you don't
>>> ask). If you can't do that, probably you can introduce a config var that
>>> says "this certificate is encrypted", and bypass your new code if that
>>> config var isn't set.
>>
>> Is this really a common setup? Using an unencrypted private key sounds like
>> a really bad security situation to me. The certificate is never encrypted,
>> the passphrase is for the key.
>>
> For SSH using unencrypted private key is very common for scripting and
> cron jobs. For HTTPS situation looks like being worse since there is
> no analog of ssh-agent that covers at least some of scripting
> scenarios. Do we want to disable scripting for HTTPS?

Actually you can use _encrypted_ private keys together with ssh-agent
and for example keychain helper for scripting. You have to provide
password to all listed private keys only once at login.

I wonder if something like this would be possible for HTTP
certificates...

-- 
Jakub Narebski
Poland
ShadeHawk on #git
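
The check suggested in the quoted text, deciding from the file itself whether a passphrase prompt is needed, can be done on the private key's PEM framing. The following is an added example, not part of the original message and not git's code; the function names are hypothetical, and the `OPENSSH PRIVATE KEY` branch goes beyond the thread by covering the newer OpenSSH key container.

```python
import base64
import re
import struct

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def openssh_cipher(blob):
    """Return the ciphername field of an openssh-key-v1 blob."""
    off = len(OPENSSH_MAGIC)
    if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
        raise ValueError("not an openssh-key-v1 blob")
    (n,) = struct.unpack_from(">I", blob, off)
    name = blob[off + 4:off + 4 + n]
    if len(name) != n:
        raise ValueError("truncated ciphername")
    return name.decode("ascii")


def key_needs_passphrase(pem_text):
    """True if a private key block in pem_text is passphrase-protected.
    Raises ValueError if there is no private key block at all."""
    found = False
    for label, body in PEM_RE.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # e.g. CERTIFICATE: the certificate is never encrypted
        found = True
        if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted form
            return True
        if label == "OPENSSH PRIVATE KEY":  # cipher name is inside the blob
            blob = base64.b64decode("".join(body.split()))
            if openssh_cipher(blob) != "none":
                return True
        # Traditional OpenSSL PEM marks encryption in a Proc-Type header
        elif re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED", body, re.M):
            return True
    if not found:
        raise ValueError("no private key block found")
    return False


if __name__ == "__main__":
    # Constructed sample: header lines only, the key body is a dummy value
    sample = ("-----BEGIN RSA PRIVATE KEY-----\n"
              "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nQUJD\n"
              "-----END RSA PRIVATE KEY-----\n")
    print(key_needs_passphrase(sample))
```

A caller that gets `ValueError` (no key block, or an unparseable one) should fall back to prompting rather than assume the key is unprotected.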