Attachment 157430 Details for Bug 244937 – diffs

[patch] diffs

cvsdiffs (text/plain), 3.35 KB, created by Rich Megginson on 2007-06-19 23:12:33 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Rich Megginson

Created: 2007-06-19 23:12:33 UTC

Size: 3.35 KB

patch

obsolete

>Index: mod_admserv.c
>===================================================================
>RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
>retrieving revision 1.29
>diff -u -8 -r1.29 mod_admserv.c
>--- mod_admserv.c	11 May 2007 19:46:36 -0000	1.29
>+++ mod_admserv.c	19 Jun 2007 23:12:02 -0000
>@@ -746,22 +746,28 @@
>     data->bindPW = NULL;
> 
>     ldap_free_urldesc(ldapInfo);
> 
>     return TRUE;
> }
> 
> static int
>-sslinit()
>+sslinit(AdmldapInfo info, const char *configdir)
> {
>     if (!NSS_IsInitialized()) {
>-        ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>-                     "sslinit: mod_nss has not been started and initialized: cannot start server");
>-        exit(1);
>+        /* mod_nss is used when we are a TLS/SSL server - mod_nss starts up before we do
>+           and will set up all of the TLS/SSL stuff */
>+        /* if we are acting as simply a TLS/SSL client to the directory server, 
>+           we still have to perform our own TLS/SSL client init */
>+        if (ADMSSL_Init(info, configdir, 0)) {
>+            ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>+                         "sslinit: NSS is required to use LDAPS, but security initialization failed.  Cannot start server");
>+            exit(1);
>+        }
>     } else {
>         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL,
>                      "sslinit: mod_nss has been started and initialized");
>     }
> 
>     return 1;
> }
> 
>@@ -789,17 +795,17 @@
>     if (!(info = admldapBuildInfo(configdir, &error))) {
>         ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
>                      "buildUGInfo(): unable to create AdmldapInfo (error code = %d)",
>                      error);
>         goto done;
>     }
> 
>     if (admldapGetSecurity(info)) {
>-        sslinit();
>+        sslinit(info, configdir);
>         if (admldapBuildInfoSSL(info, &error)) {
>         } else {
>             char *host = admldapGetHost(info);
>             ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
>                          "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
>                          host, admldapGetPort(info), error);
>             PL_strfree(host);
> 			goto done;
>@@ -1366,17 +1372,17 @@
> 
>     if (!ldapInfo) {
>         ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
>                       "AdmInit: Failed to read data from adm.conf");
>         return 0;
>     }
> 
>     if (admldapGetSecurity(ldapInfo)) {
>-        sslinit();
>+        sslinit(ldapInfo, admroot);
>     }
> 
>     destroyAdmldap(ldapInfo);
> 
>     binddn = apr_table_get(r->notes, RQ_NOTES_USERDN);
>     bindpw = apr_table_get(r->notes, RQ_NOTES_USERPW);
> 
>     pset = psetCreateSSL((char*)"admin-serv", 
>@@ -2030,17 +2036,17 @@
>     } else {
>         ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
>                      "host_ip_init(): unable to create AdmldapInfo (error code = %d)",
>                      error);
>         return DONE;
>     }
>   
>     if (admldapGetSecurity(info)) {
>-        sslinit();
>+        sslinit(info, configdir);
>         if (admldapBuildInfoSSL(info, &error)) {
>         } else {
>             ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
>                          "host_ip_init(): unable to create secure AdmldapInfo (error code = %d)",
>                          error);
>             destroyAdmldap(info);
>             return DONE;
>         }

Actions: View | Diff

Attachments on bug 244937: 157430