[Mod_nss-list] Mod_nss newbie here - issue with mod_proxy and mod_nss 1.0.8
Rob Crittenden
rcritten at redhat.com
Fri May 28 19:46:31 UTC 2010
Mike Staver wrote:
>> mod_proxy provides a single interface for registering the SSL functions
>> it needs. Since mod_ssl blindly registers when it loads mod_nss skips it
>> if it detects mod_ssl. So yes, merely having a 'LoadModule ssl_module
>> modules/mod_ssl.so' somewhere in the configuration is enough to make
>> mod_nss not work with mod_proxy.
>>
>> Note that some recent changes for the mod_nss/mod_proxy interaction were
>> pushed out to the source HEAD recently. You'll probably want to pull the
>> source from CVS if you're using the 1.0.8 tarball. This will let mod_nss
>> work with mod_proxy as a reverse SSL proxy.
>
> Thanks - I'm confident that I'm not loading mod_ssl with my Apache config
> if that's the only way it's done. In fact, I didn't even compile it on
> this machine... However, OpenSSL is installed in another directory and I
> can't imagine it would impact this, but then again, I know next to nothing
> about this software :)
Heh, no, the mod_ssl module needs to be loaded for this to be a problem,
the openssl libraries aren't a problem.
You might try cranking up the LogLevel to debug and see if you get any
interesting data out.
> How stable would you say the latest is? I'd like to use this on a
> production server if possible.
I may be biased but I think it's stable. It's the default SSL engine for
the 389-ds admin server, is used in freeIPA and a few other open source
projects. It's been available in Fedora for several years now.
regards
rob
More information about the Mod_nss-list
mailing list