[Fedora-directory-commits] mod_nss nss_engine_init.c,1.32,1.33

Robert Crittenden (rcritten) fedora-directory-commits at redhat.com
Mon Jul 14 20:25:56 UTC 2008 

Author: rcritten

Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5196

Modified Files:
	nss_engine_init.c 
Log Message:
Don't inherit the MP cache when running in threaded mode
Don't initialize the database if the SSL is disabled in the configuration

454701



Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- nss_engine_init.c	16 May 2008 15:16:02 -0000	1.32
+++ nss_engine_init.c	14 Jul 2008 20:25:53 -0000	1.33
@@ -1084,13 +1084,44 @@
     SSLModConfigRec *mc = myModConfig(base_server);
     SSLSrvConfigRec *sc;
     server_rec *s;
+    int threaded = 0;
+    int sslenabled = FALSE;
 
     mc->pid = getpid(); /* only call getpid() once per-process */
 
-    if (SSL_InheritMPServerSIDCache(NULL) != SECSuccess) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
-             "SSL_InheritMPServerSIDCache failed");
-        nss_log_nss_error(APLOG_MARK, APLOG_ERR, NULL);
+    /*
+     *  First, see if ssl is enabled at all
+     */
+    for (s = base_server; s; s = s->next) {
+        sc = mySrvConfig(s);
+        /* If any servers have SSL, we want sslenabled set so we
+         * can perform further initialization
+         */
+
+        if (sc->enabled == UNSET) {
+            sc->enabled = FALSE;
+        }
+
+        if (sc->proxy_enabled == UNSET) {
+            sc->proxy_enabled = FALSE;
+        }
+
+        if ((sc->enabled == TRUE) || (sc->proxy_enabled == TRUE)) {
+            sslenabled = TRUE;
+        }
+    }
+
+    if (sslenabled == FALSE) { /* we are not an SSL/TLS server */
+        return;
+    }
+
+    ap_mpm_query(AP_MPMQ_MAX_THREADS, &threaded);
+    if (!threaded) {
+        if (SSL_InheritMPServerSIDCache(NULL) != SECSuccess) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+                         "SSL_InheritMPServerSIDCache failed");
+            nss_log_nss_error(APLOG_MARK, APLOG_ERR, NULL);
+        }
     }
 
     nss_init_SSLLibrary(base_server);

More information about the Fedora-directory-commits mailing list