Bug 676449
Summary: | Latest update breaks mod_nss and SSL sites. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Arthur Enright <aenright> | ||||
Component: | mod_nss | Assignee: | Rob Crittenden <rcritten> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 5.6 | CC: | benl, dpal | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-02-11 15:18:27 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Arthur Enright
2011-02-09 22:03:40 UTC
Created attachment 477917 [details]
sosreport
sosreport with nss.conf moved out of httpd/conf.d and SSL vhosts temporarily removed.
Can you determine whether the regression was caused by the httpd upgrade or the mod_nss upgrade? (i.e. if you downgrade httpd does it still break?) I rolled back the following packages: httpd-2.2.3-43.el5 mod_ssl-2.2.3-43.el5 The mod_nss issues persist but when I move httpd/conf.d/mod_nss out of the way my SSL sites now work. This solves the most immediate issue as the server can now serve SSL traffic. Would you like me to roll back mod_nss or any of the core NSS libraries and test? -Art Re-assigning to mod_nss. This may be related to https://bugzilla.redhat.com/show_bug.cgi?id=669963 Can you check the permissions on the .db files in /etc/httpd/alias? They should be mode 0640 root:apache. Current perms after update: # pwd /etc/httpd/alias # ll total 128 -rw------- 1 root root 65536 Jun 8 2010 cert8.db -rw------- 1 root root 4395 Jun 8 2010 install.log -rw------- 1 root root 16384 Jun 8 2010 key3.db lrwxrwxrwx 1 root root 33 Feb 8 22:52 libnssckbi.so -> ../../..//usr/lib64/libnssckbi.so -rw------- 1 root root 16384 Jun 8 2010 secmod.db after changing ownership and perms I was able to move the nss.conf file back into place, update the httpd and mod_ssl RPMs to latest and bounce Apache w/out any errors. Did the latest mod_nss RPM fail to set perms after update? Yes, there is a bug in the %post script in mod_nss that misses fixing permissions on existing databases. mod_nss 1.0.3 opened the NSS databases only as root. mod_nss 1.0.8 needs to open it as the apache user. The difference is opening in prefork vs in each child. Marking as a duplicate of 669963. *** This bug has been marked as a duplicate of bug 669963 *** |