Citeren Josef 'Jeff' Sipek <jeff.sipek@open-xchange.com>:
On Thu, Aug 13, 2020 at 21:16:42 +0200, Arjen de Korte wrote:
Citeren Timo Sirainen <timo@sirainen.com>:
!include_try ssl-keys.conf
That will only work to include an optional configuration file and suppress errors if it doesn't exist. I put
ssl_key = </etc/ssl/private/de-korte.org.key
in a separate configuration file and it failed in a similar fashion, just with another filename.
I think the idea was that the file with the ssl_key line was only root-readable. That way, non-privilged users will fail to include the file.
Is that what you tried?
No, but you put me on the right track.
What is needed is to !include_try the whole previous SSL configuration
file only for root and to precede this by an include for a new one
which disables SSL completely. So first SSL will be disabled for all
users (including root) and only for root, the SSL configuration will
be loaded after that.