[Freeipa-devel] ipa-server conflicts with mod_ssl
Rob Crittenden
rcritten at redhat.com
Sat Apr 26 02:13:00 UTC 2008
Joe Harnish wrote:
> All,
>
> I just installed Fedora 9 Preview, updated went to install ipa-server.
> It complained that ipa-server conflicts with mod_ssl. Is the this
> expected behaviour?
>
Yes. We use mod_proxy which has only one set of hooks to do SSL
proxying. Because we use mod_nss for SSL we have to disable mod_ssl.
Unfortunately this can be problematic if mod_ssl is upgraded (and a new
ssl.conf is installed) so for now the two can't co-exist.
It isn't enough to set the mod_ssl SSLEngine off either. If the .so is
loaded by Apache then mod_proxy will try to use mod_ssl instead of
mod_nss for SSL proxying. Perhaps we can come up with a better way of
doing this so that mod_ssl doesn't have to be removed but is still not
loaded.
The long-term fix is to patch mod_proxy to be configurable as to the SSL
engine it uses.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080425/085201d2/attachment.bin>
More information about the Freeipa-devel
mailing list