[Fedora-directory-commits] adminserver configure.ac, 1.23, 1.24 aclocal.m4, 1.37, 1.38 configure, 1.41, 1.42 config.h.in, 1.6, 1.7 missing, 1.27, 1.28 install-sh, 1.27, 1.28 depcomp, 1.27, 1.28 compile, 1.26, 1.27 Makefile.in, 1.44, 1.45 config.sub, 1.27, 1.28 config.guess, 1.27, 1.28

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Dec 18 19:55:25 UTC 2007 

Author: rmeggins

Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver

Modified Files:
	configure.ac aclocal.m4 configure config.h.in missing 
	install-sh depcomp compile Makefile.in config.sub config.guess 
Log Message:
Resolves: bug 426056
Bug Description: Unable to connect to admin express via SSL - firefox cipher issues?
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default.  Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox.  Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled.
I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind.  So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password.
Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no



Index: configure.ac
===================================================================
RCS file: /cvs/dirsec/adminserver/configure.ac,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- configure.ac	12 Dec 2007 00:45:38 -0000	1.23
+++ configure.ac	18 Dec 2007 19:55:22 -0000	1.24
@@ -102,6 +102,8 @@
 
 m4_include(m4/fhs.m4)
 
+AC_DEFINE([NS_DOMESTIC], [1], [Domestic security level enabled by default])
+
 # server userid, groupid
 httpduser=nobody
 httpdgroup=nobody




Index: configure
===================================================================
RCS file: /cvs/dirsec/adminserver/configure,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- configure	17 Dec 2007 20:10:05 -0000	1.41
+++ configure	18 Dec 2007 19:55:22 -0000	1.42
@@ -23030,6 +23030,12 @@
 fi
 
 
+
+cat >>confdefs.h <<\_ACEOF
+#define NS_DOMESTIC 1
+_ACEOF
+
+
 # server userid, groupid
 httpduser=nobody
 httpdgroup=nobody


Index: config.h.in
===================================================================
RCS file: /cvs/dirsec/adminserver/config.h.in,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- config.h.in	30 Jul 2007 23:13:45 -0000	1.6
+++ config.h.in	18 Dec 2007 19:55:23 -0000	1.7
@@ -248,6 +248,9 @@
 /* Define to 1 if your C compiler doesn't accept -c and -o together. */
 #undef NO_MINUS_C_MINUS_O
 
+/* Domestic security level enabled by default */
+#undef NS_DOMESTIC
+
 /* OS version */
 #undef OSVERSION

More information about the Fedora-directory-commits mailing list