Bug 115223

Summary: SSL parameters not taken in account
Product: Red Hat Enterprise Linux 3 Reporter: jean-claude jouffre <jcjouffre>
Component: redhat-config-httpdAssignee: Phil Knirsch <pknirsch>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-07-30 14:55:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jean-claude jouffre 2004-02-09 10:55:30 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; fr; rv:1.5)
Gecko/20031007 Firebird/0.7

Description of problem:
when creating a secure virtual host, no SSL parameter is written in
httpd.conf

Version-Release number of selected component (if applicable):
1.1.0-4

How reproducible:
Always

Steps to Reproduce:
1. create a virtual host
2. in SSL page, select SSL support
3. modify or not some options
4. validate all screens
5. the httpd.conf does not contain SSL parameters we have choosen
previously, but only "strange directives" :
   <IfDefine HAVE_SSL>
   </IfDefine>
    

Actual Results:  in httpd.conf, parameters :
<VirtualHost 1.2.3.4>
   <IfDefine HAVE_SSL>
   </IfDefine>


Expected Results:  <VirtualHost 1.2.3.4>
   SSLEngine on
   SSLCertificateFile /myfile1
   SSLCertificateKeyFile /myfile2
   SSLCertificateChainFile /myfile2
   SSLOptions FakeBasicAuth ExportCertData ...



Additional info:

here are some workarounds I made to let it work, but I don't know if
these are the proper fixes :
1) in /usr/share/redhat-config-httpd/ApacheControl.py file
   in _dehydrate_vhost_page_3 method, adding a string conversion :
      vhost.SSLCertificateFile = str(widget.get_text ())
      vhost.SSLCertificateKeyFile = str(widget.get_text ())
      vhost.SSLCertificateChainFile = str(widget.get_text ())
      vhost.SSLCACertificateFile = str(widget.get_text ())
   no need for SLLLog and SSLLogLevel (see 115221 bug)
2) in /usr/share/redhat-config-httpd/httpd.conf.xsl file
   in Virtual hosts part
      removing lines (I didn't understand their purpose) :
            <xsl:for-each select="SSLEngine">
            &lt;IfDefine HAVE_SSL>
         later on :
            </xsl:for-each>
         then :
            &lt;/IfDefine>
      adding the line :
         <xsl:for-each select="SSLOptions">SSLOptions <xsl:value-of
select="@VALUE" /></xsl:for-each>
      after the line :
<xsl:for-each select="SSLCACertificatePath">SSLCACertificatePath
<xsl:value-of select="@VALUE" /></xsl:for-each>

Comment 1 Phil Knirsch 2004-07-30 14:55:40 UTC
OK, that makes sense.

Including fixes, latest rawhide version s-c-h-1.2.1-1 will contain the
changes.

Read ya, Phil