From Stamper_John at bah.com Thu May 17 19:54:50 2012 From: Stamper_John at bah.com (Stamper, John [USA]) Date: Thu, 17 May 2012 19:54:50 +0000 Subject: [Mod_nss-list] Reference to https://bugzilla.redhat.com/show_bug.cgi?id=702437 Message-ID: <4BAA6E5EDD742C4186FCF39E3A19933E04668F3F@ASHBDAG3M1.resource.ds.bah.com> Is there any way for the functionality contained within release 13 of mod_nss version 1.0.8 to be backported to EL-5? We are using mod_nss-1.0.8-4.el5_6.1 on RHEL5 and the first request for a certificate from the client is working fine but when our system redirects to a different page (to register that person in the system), the X.509 certificate object is no longer in the HttpRequest object. Having read the thread on this functionality change, I am thinking it will cure our issue. So three questions ... 1. Am I correct that the functionality contained within release 13 of mod_nss 1.0.8 will indeed fix our situation? 2. If so, can/will your organization generate an RPM that will work on RHEL5? 3. Or must we do it? And if we must do it, what would be the steps to do so? Thank you for your time. v/r, John Stamper -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Fri May 18 13:17:34 2012 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 18 May 2012 09:17:34 -0400 Subject: [Mod_nss-list] Reference to https://bugzilla.redhat.com/show_bug.cgi?id=702437 In-Reply-To: <4BAA6E5EDD742C4186FCF39E3A19933E04668F3F@ASHBDAG3M1.resource.ds.bah.com> References: <4BAA6E5EDD742C4186FCF39E3A19933E04668F3F@ASHBDAG3M1.resource.ds.bah.com> Message-ID: <4FB64BEE.40401@redhat.com> Stamper, John [USA] wrote: > Is there any way for the functionality contained within release 13 of > mod_nss version 1.0.8 to be backported to EL-5? We are using > *mod_nss-1.0.8-4.el5_6.1* on RHEL5 and the first request for a > certificate from the client is working fine but when our system > redirects to a different page (to register that person in the system), > the X.509 certificate object is no longer in the HttpRequest object. > > Having read the thread on this > functionality > change, I am thinking it will cure our issue. > > So three questions ? > > 1.Am I correct that the functionality contained within release 13 of > mod_nss 1.0.8 will indeed fix our situation? It looks like it. The client certificate was only being obtained on the initial handshake. > 2.If so, can/will your organization generate an RPM that will work on RHEL5? This list is for users and developers of mod_nss, not any particular organization. Opening a support request with Red Hat would be my recommendation. Or you can file a bug report against mod_nss in EL5 asking this to be backported, bugzilla.redhat.com. > 3.Or must we do it? And if we must do it, what would be the steps to do so? You can grab the EL6 mod_nss srpm from ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mod_nss-1.0.8-14.el6_2.src.rpm You won't be able to build this directly because the version of Apache changed between EL 5 and 6. You'll need to extract the patch, grab the latest mod_nss package for EL5 from ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mod_nss-1.0.8-4.el5_6.1.src.rpm, and try adding it yourself. You can extract the contents of an rpm into the current directory with: rpm2cpio foo.src.rpm | cpio -idv Add the patch to the spec, I'd change the version by adding something to the end to make upgrades possible, add a changelog, then build with rpmbuild -ba mod_nss.spec. There is always a chance that this patch relies on changes from previous patches so it can get hairy. rob