ipa conflicts with mod_ssl (F9)
Rob Crittenden
rcritten at redhat.com
Thu Nov 20 18:37:12 UTC 2008
Daniel P. Berrange wrote:
> On Thu, Nov 20, 2008 at 08:44:06AM -0500, Neal Becker wrote:
>> sudo yum install ipa-server ipa-client ipa-admintools
>> ...
>> ipa-server-1.2.0-1.fc9.x86_64 from updates-newkey has depsolving problems
>> --> ipa-server conflicts with mod_ssl
>> Error: ipa-server conflicts with mod_ssl
>
> IPA requires mod_nss, and mod_nss & mod_ssl are unable to co-exist
> in apache, so IPA has a conflict with mod_ssl. That said, its a little
> od that the Conflicts: is not in the mod_nss RPM itself.
mod_nss and mod_ssl can co-exist ok. The problem is when you also want
to use mod_proxy. mod_proxy doesn't have a generic way to register SSL
callbacks. It has a single API. Both mod_ssl and mod_nss can register
those callbacks but mod_nss will defer to mod_ssl if it is already
loaded. Hence if you are using mod_nss and mod_proxy together, as IPA
does, then mod_ssl will conflict.
And unfortunately it is the mere loading of mod_ssl that registers these
functions, so even having it installed, even if you aren't using it,
will cause problems. Simply renaming ssl.conf isn't enough either
because the next time that mod_ssl gets updated a new ssl.conf will be
written by rpm, causing a previously working system to mysteriously break.
The Conflict isn't ideal but it's the only sure-fire way we've found.
rob
More information about the fedora-devel-list
mailing list