[Fedora-directory-commits] mod_admserv mod_admserv.c,1.29,1.30

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Jun 19 23:31:15 UTC 2007


Author: rmeggins

Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23269

Modified Files:
	mod_admserv.c 
Log Message:
Resolves: bug 244937
Description: mod_admserv: Should do client TLS/SSL init even if mod_nss not used
Fix Description: The way the code currently works is that mod_admserv lets mod_nss do all of the NSS initialization.  But mod_nss is only used when the admin server is also a TLS/SSL server.  mod_admserv still needs to do NSS initialization when it is a TLS/SSL client (e.g. of the config DS using LDAPS).  This fix allows mod_admserv to do the client side TLS/SSL init.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no



Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- mod_admserv.c	11 May 2007 19:46:36 -0000	1.29
+++ mod_admserv.c	19 Jun 2007 23:31:12 -0000	1.30
@@ -751,12 +751,18 @@
 }
 
 static int
-sslinit()
+sslinit(AdmldapInfo info, const char *configdir)
 {
     if (!NSS_IsInitialized()) {
-        ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
-                     "sslinit: mod_nss has not been started and initialized: cannot start server");
-        exit(1);
+        /* mod_nss is used when we are a TLS/SSL server - mod_nss starts up before we do
+           and will set up all of the TLS/SSL stuff */
+        /* if we are acting as simply a TLS/SSL client to the directory server, 
+           we still have to perform our own TLS/SSL client init */
+        if (ADMSSL_Init(info, configdir, 0)) {
+            ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
+                         "sslinit: NSS is required to use LDAPS, but security initialization failed.  Cannot start server");
+            exit(1);
+        }
     } else {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL,
                      "sslinit: mod_nss has been started and initialized");
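
Review bot: The failure branch of "if (ADMSSL_Init(info, configdir, 0))" discards the function's return value and logs with status 0, so the CRIT message cannot say why initialization failed or which directory was tried. Store the result, include it and configdir in the log message, and add a short comment stating what the bare 0 passed as the third argument selects. configdir is also passed through without a NULL check before it reaches ADMSSL_Init.
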
@@ -794,7 +800,7 @@
     }
 
     if (admldapGetSecurity(info)) {
-        sslinit();
+        sslinit(info, configdir);
         if (admldapBuildInfoSSL(info, &error)) {
         } else {
             char *host = admldapGetHost(info);
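
Review bot: The call "sslinit(info, configdir);" ignores the int that sslinit is declared to return, and the only failure handling visible is the exit(1) inside sslinit itself. Either declare sslinit void, or have it return an error so this caller can log with its own context (host, server) and fail the same way the admldapBuildInfoSSL branch below does.
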
@@ -1371,7 +1377,7 @@
     }
 
     if (admldapGetSecurity(ldapInfo)) {
-        sslinit();
+        sslinit(ldapInfo, admroot);
     }
 
     destroyAdmldap(ldapInfo);
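
Review bot: This call passes admroot into a parameter named configdir, while the other two call sites pass configdir. Because sslinit skips initialization once NSS_IsInitialized() is true, whichever call runs first decides the directory used, so if admroot and configdir can differ the outcome depends on call order. Confirm that both name the same directory on this path, or add a comment explaining why admroot is the right value here.
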
@@ -2035,7 +2041,7 @@
     }
   
     if (admldapGetSecurity(info)) {
-        sslinit();
+        sslinit(info, configdir);
         if (admldapBuildInfoSSL(info, &error)) {
         } else {
             ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
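
Review bot: The admldapGetSecurity(info) / sslinit(info, configdir) / admldapBuildInfoSSL(info, &error) sequence here duplicates the one in the hunk at line 800, and both copies now have to carry the same two arguments. A small helper taking info and configdir would keep the two paths from drifting apart, and the empty if body before the else could become a negated condition at the same time.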



