[Mod_nss-list] Reference to https://bugzilla.redhat.com/show_bug.cgi?id=702437

Rob Crittenden rcritten at redhat.com
Fri May 18 13:17:34 UTC 2012 

Stamper, John [USA] wrote:
> Is there any way for the functionality contained within release 13 of
> mod_nss version 1.0.8 to be backported to EL-5? We are using
> *mod_nss-1.0.8-4.el5_6.1* on RHEL5 and the first request for a
> certificate from the client is working fine but when our system
> redirects to a different page (to register that person in the system),
> the X.509 certificate object is no longer in the HttpRequest object.
>
> Having read the thread on this
> <https://bugzilla.redhat.com/show_bug.cgi?id=702437> functionality
> change, I am thinking it will cure our issue.
>
> So three questions …
>
> 1.Am I correct that the functionality contained within release 13 of
> mod_nss 1.0.8 will indeed fix our situation?

It looks like it. The client certificate was only being obtained on the 
initial handshake.

> 2.If so, can/will your organization generate an RPM that will work on RHEL5?

This list is for users and developers of mod_nss, not any particular 
organization. Opening a support request with Red Hat would be my 
recommendation. Or you can file a bug report against mod_nss in EL5 
asking this to be backported, bugzilla.redhat.com.

> 3.Or must we do it? And if we must do it, what would be the steps to do so?

You can grab the EL6 mod_nss srpm from 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mod_nss-1.0.8-14.el6_2.src.rpm

You won't be able to build this directly because the version of Apache 
changed between EL 5 and 6.

You'll need to extract the patch, grab the latest mod_nss package for 
EL5 from 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mod_nss-1.0.8-4.el5_6.1.src.rpm, 
and try adding it yourself.

You can extract the contents of an rpm into the current directory with: 
rpm2cpio foo.src.rpm | cpio -idv

Add the patch to the spec, I'd change the version by adding something to 
the end to make upgrades possible, add a changelog, then build with 
rpmbuild -ba mod_nss.spec.

There is always a chance that this patch relies on changes from previous 
patches so it can get hairy.

rob

More information about the Mod_nss-list mailing list