[Mod_nss-list] Reference to https://bugzilla.redhat.com/show_bug.cgi?id=702437
Rob Crittenden
rcritten at redhat.com
Fri May 18 13:17:34 UTC 2012
Stamper, John [USA] wrote:
> Is there any way for the functionality contained within release 13 of
> mod_nss version 1.0.8 to be backported to EL-5? We are using
> *mod_nss-1.0.8-4.el5_6.1* on RHEL5 and the first request for a
> certificate from the client is working fine but when our system
> redirects to a different page (to register that person in the system),
> the X.509 certificate object is no longer in the HttpRequest object.
>
> Having read the thread on this
> <https://bugzilla.redhat.com/show_bug.cgi?id=702437> functionality
> change, I am thinking it will cure our issue.
>
> So three questions …
>
> 1.Am I correct that the functionality contained within release 13 of
> mod_nss 1.0.8 will indeed fix our situation?
It looks like it. The client certificate was only being obtained on the
initial handshake.
> 2.If so, can/will your organization generate an RPM that will work on RHEL5?
This list is for users and developers of mod_nss, not any particular
organization. Opening a support request with Red Hat would be my
recommendation. Or you can file a bug report against mod_nss in EL5
asking this to be backported, bugzilla.redhat.com.
> 3.Or must we do it? And if we must do it, what would be the steps to do so?
You can grab the EL6 mod_nss srpm from
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mod_nss-1.0.8-14.el6_2.src.rpm
You won't be able to build this directly because the version of Apache
changed between EL 5 and 6.
You'll need to extract the patch, grab the latest mod_nss package for
EL5 from
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mod_nss-1.0.8-4.el5_6.1.src.rpm,
and try adding it yourself.
You can extract the contents of an rpm into the current directory with:
rpm2cpio foo.src.rpm | cpio -idv
Add the patch to the spec, I'd change the version by adding something to
the end to make upgrades possible, add a changelog, then build with
rpmbuild -ba mod_nss.spec.
There is always a chance that this patch relies on changes from previous
patches so it can get hairy.
rob
More information about the Mod_nss-list
mailing list