[Fedora-directory-commits] mod_nss nss_engine_init.c,1.25,1.26

[Robert Crittenden (rcritten)]

Author: rcritten

Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14785

Modified Files:
	nss_engine_init.c 
Log Message:
212426

Don't fire up the NSS engine if SSL isn't enabled.



Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- nss_engine_init.c	20 Oct 2006 15:23:39 -0000	1.25
+++ nss_engine_init.c	26 Oct 2006 18:59:24 -0000	1.26
@@ -134,10 +134,8 @@
 /*
  *  Initialize SSL library
  *
- *  If sslenabled is not set then there is no need to prompt for the token
- *  passwords. 
  */
-static void nss_init_SSLLibrary(server_rec *s, int sslenabled, int fipsenabled,
+static void nss_init_SSLLibrary(server_rec *s, int fipsenabled,
                                 int ocspenabled, int ocspdefault,
                                 const char * ocspurl, const char *ocspname)
 {
@@ -153,7 +151,7 @@
                  "Init: %snitializing NSS library", mc->nInitCount == 1 ? "I" : "Re-i");
 
     /* Do we need to fire up our password helper? */
-    if (mc->nInitCount == 1 && sslenabled) {
+    if (mc->nInitCount == 1) {
         const char * child_argv[4];
         apr_status_t rv;
 
@@ -237,7 +235,7 @@
     }
 
     /* Assuming everything is ok so far, check the cert database password(s). */
-    if (sslenabled && (rv != SECSuccess)) {
+    if (rv != SECSuccess) {
         NSS_Shutdown();
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration");
@@ -262,7 +260,7 @@
         } /* FIPS is already enabled, nothing to do */
     }
 
-    if (sslenabled && (nss_Init_Tokens(s) != SECSuccess)) {
+    if (nss_Init_Tokens(s) != SECSuccess) {
         NSS_Shutdown();
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration");
@@ -396,6 +394,10 @@
             sc->enabled = FALSE;
         }
 
+        if (sc->proxy_enabled == UNSET) {
+            sc->proxy_enabled = FALSE;
+        }
+
         if (sc->fips == TRUE) {
             fipsenabled = TRUE;
         }
@@ -404,14 +406,10 @@
             ocspenabled = TRUE;
         }
 
-        if (sc->enabled == TRUE) {
+        if ((sc->enabled == TRUE) || (sc->proxy_enabled == TRUE)) {
             sslenabled = TRUE;
         }
 
-        if (sc->proxy_enabled == UNSET) {
-            sc->proxy_enabled = FALSE;
-        }
-
         if (sc->ocsp_default == TRUE) {
             ocspdefault = TRUE;
             ocspurl = sc->ocsp_url;
@@ -424,7 +422,10 @@
         }
     }
 
-    nss_init_SSLLibrary(base_server, sslenabled, fipsenabled, ocspenabled,
+    if (sslenabled == FALSE)
+        return OK;
+
+    nss_init_SSLLibrary(base_server, fipsenabled, ocspenabled,
         ocspdefault, ocspurl, ocspname);
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                  "done Init: Initializing NSS library");
@@ -1083,7 +1084,8 @@
 
             /* Closing this implicitly cleans up the copy of the certificates
              * and keys associated with any SSL socket */
-            PR_Close(sc->server->model);
+            if (sc->server->model)
+                PR_Close(sc->server->model);
 
             shutdown = 1;
         }
@@ -1095,7 +1097,8 @@
 
             /* Closing this implicitly cleans up the copy of the certificates
              * and keys associated with any SSL socket */
-            PR_Close(sc->proxy->model);
+            if (sc->proxy->model)
+                PR_Close(sc->proxy->model);
 
             shutdown = 1;
         }