[Fedora-directory-commits] mod_admserv mod_admserv.c,1.29,1.30
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Tue Jun 19 23:31:15 UTC 2007
Author: rmeggins
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23269
Modified Files:
mod_admserv.c
Log Message:
Resolves: bug 244937
Description: mod_admserv: Should do client TLS/SSL init even if mod_nss not used
Fix Description: The way the code currently works is that mod_admserv lets mod_nss do all of the NSS initialization. But mod_nss is only used when the admin server is also a TLS/SSL server. mod_admserv still needs to do NSS initialization when it is a TLS/SSL client (e.g. of the config DS using LDAPS). This fix allows mod_admserv to do the client side TLS/SSL init.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- mod_admserv.c 11 May 2007 19:46:36 -0000 1.29
+++ mod_admserv.c 19 Jun 2007 23:31:12 -0000 1.30
@@ -751,12 +751,18 @@
}
static int
-sslinit()
+sslinit(AdmldapInfo info, const char *configdir)
{
if (!NSS_IsInitialized()) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
- "sslinit: mod_nss has not been started and initialized: cannot start server");
- exit(1);
+ /* mod_nss is used when we are a TLS/SSL server - mod_nss starts up before we do
+ and will set up all of the TLS/SSL stuff */
+ /* if we are acting as simply a TLS/SSL client to the directory server,
+ we still have to perform our own TLS/SSL client init */
+ if (ADMSSL_Init(info, configdir, 0)) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
+ "sslinit: NSS is required to use LDAPS, but security initialization failed. Cannot start server");
+ exit(1);
+ }
} else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL,
"sslinit: mod_nss has been started and initialized");
@@ -794,7 +800,7 @@
}
if (admldapGetSecurity(info)) {
- sslinit();
+ sslinit(info, configdir);
if (admldapBuildInfoSSL(info, &error)) {
} else {
char *host = admldapGetHost(info);
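Review bot: sslinit is declared static int, but the call sslinit(info, configdir) drops its result, so this site relies entirely on the exit(1) inside sslinit to stop before admldapBuildInfoSSL runs with an uninitialized NSS. Either check the return value here or change sslinit to return void so the "does not return on failure" contract is explicit.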
@@ -1371,7 +1377,7 @@
}
if (admldapGetSecurity(ldapInfo)) {
- sslinit();
+ sslinit(ldapInfo, admroot);
}
destroyAdmldap(ldapInfo);
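Review bot: this call passes admroot for the parameter that sslinit names configdir, while the other two call sites pass a variable called configdir. Please confirm that admroot is the directory ADMSSL_Init expects for the security databases at this point, and add a one-line comment saying so, or rename one of the two so the sites read consistently. A wrong directory here would only show up as the generic "security initialization failed" message followed by exit(1).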
@@ -2035,7 +2041,7 @@
}
if (admldapGetSecurity(info)) {
- sslinit();
+ sslinit(info, configdir);
if (admldapBuildInfoSSL(info, &error)) {
} else {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
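Review bot: the guard-plus-call pair at this site, if (admldapGetSecurity(info)) followed by sslinit(info, configdir), now appears three times in the file with hand-matched arguments. Moving the admldapGetSecurity check into sslinit, returning early when security is off, would leave a single call per site and make it harder for a future caller to forget the guard or pass the wrong directory.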