[rt-devel] openssl can't read SMIME_PASS environment variable

Marcos Orallo m_orallo at yahoo.es
Thu Oct 30 09:23:05 EDT 2014


I have problems making S/MIME work with RT 4.2.7

My environment consists of Debian testing, RT 4.2.7, Apache 2.4.10,
mod_perl 2.0.9

In /lib/RT/Crypt/SMIME.pm, when trying to send a signed message, RT
reads the passphrase from the config file correctly (tested), and sets
it in $ENV{'SMIME_PASS'}.

However, when calling openssl with safe_run_child(run3()), the openssl
process cannot find the environment variable:

---------------------------------------------------------------------------------------------------------------------
[13565] [Thu Oct 30 09:05:26 2014] [debug]: openssl command:
/usr/bin/openssl smime -sign -signer .pem -inkey .pem -passin
env:SMIME_PASS|/usr/bin/openssl smime -encrypt -des3 /tmp/NVTeGADmSO
(/usr/local/share/request-tracker4/lib/RT/Crypt/SMIME.pm:383)
[13565] [Thu Oct 30 09:05:26 2014] [debug]: openssl stderr: Can't read
environment variable SMIME_PASS Error getting password unable to write
'random state' (/usr/local/share/request-tracker4/lib/RT/Crypt/SMIME.pm:384)
----------------------------------------------------------------------------------------------------------------------

I think the underlying reason is that mod_perl by default doesn't pass
%ENV to child processes unless they are specifically stated in the
site configuration:
- http://search.cpan.org/~gozer/mod_perl-1.31/mod_perl.pod#ENVIRONMENT
- http://mail-archives.apache.org/mod_mbox/perl-modperl/200808.mbox/%3C5CAFF755525FC5418CCF35FAEB2683BE12A319F4@njpcmg1exms305.leh.lbcorp.lehman.com%3E

Does anyone know if this works with FastCGI or another web server other
than Apache?
What would be a (secure) alternative for passing the passphrase to
openssl? STDIN? Another file descriptor?

Thank you in advance.

Marcos.
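
One way to do what the post asks about, as an added example that is not part of the original message or RT's code: the passphrase goes to openssl over an inherited pipe with `-passin fd:N`, so it never touches `%ENV` or the command line. The helper name `openssl_with_secret`, the passphrase, the certificate subject and the temporary files are constructed for the demo, and it assumes a Unix-like system with `openssl` on the PATH.

```perl
#!/usr/bin/perl
# Added example (not RT's code): give openssl its passphrase over an inherited
# pipe with "fd:N" instead of "env:SMIME_PASS", so %ENV is never involved.
use strict;
use warnings;
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
use File::Temp qw(tempdir);

# Hypothetical helper: runs "openssl @args <$pass_opt> fd:N" without a shell
# and returns openssl's stdout. $pass_opt is -passin or -passout.
sub openssl_with_secret {
    my ($secret, $pass_opt, @args) = @_;
    pipe(my $rd, my $wr) or die "pipe: $!";
    # Perl marks descriptors above $^F close-on-exec; clear the flag on the
    # read end only, so the child inherits that descriptor and not the write end.
    my $flags = fcntl($rd, F_GETFD, 0) or die "fcntl(F_GETFD): $!";
    fcntl($rd, F_SETFD, $flags & ~FD_CLOEXEC) or die "fcntl(F_SETFD): $!";
    # A passphrase is far smaller than the pipe buffer, so this cannot block.
    print {$wr} "$secret\n" or die "write: $!";
    close($wr) or die "close: $!";

    open(my $out, '-|', 'openssl', @args, $pass_opt, 'fd:' . fileno($rd))
        or die "cannot run openssl: $!";
    my $stdout = do { local $/; <$out> };
    close($out);                       # waits for the child and sets $?
    my $status = $?;
    close($rd);
    die "openssl exited with status " . ($status >> 8) . "\n" if $status;
    return $stdout;
}

# Constructed demo data: throwaway key, self-signed certificate and message.
my $dir = tempdir(CLEANUP => 1);
my ($key, $cert, $msg) = map { "$dir/$_" } qw(key.pem cert.pem msg.txt);
my $passphrase = 'constructed-demo-passphrase';
open(my $fh, '>', $msg) or die "open: $!";
print {$fh} "Ticket reply body\n";
close($fh);

delete $ENV{SMIME_PASS};               # the environment is not used at all
openssl_with_secret($passphrase, '-passout', qw(req -x509 -newkey rsa:2048 -days 1),
    '-subj', '/CN=rt.example.invalid', '-keyout', $key, '-out', $cert);
my $signed = openssl_with_secret($passphrase, '-passin',
    qw(smime -sign -signer), $cert, '-inkey', $key, '-in', $msg);
print $signed =~ /application\/(x-)?pkcs7-signature/ ? "signed OK\n" : "unexpected output\n";
```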

