Bug 213081 - mod_nss is incorrectly determining model
Summary: mod_nss is incorrectly determining model
Alias: None
Product: Red Hat Fortitude
Classification: Retired
Component: General
Version: 1.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Ben Levenson
Depends On:
Blocks: 180565
TreeView+ depends on / blocked
Reported: 2006-10-30 19:23 UTC by Rob Crittenden
Modified: 2015-01-05 00:02 UTC (History)
1 user (show)

Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Rob Crittenden 2006-10-30 19:23:56 UTC
NSS provides 2 mechanisms for the SSL server cache. One is for threaded programs
and one is for forked (to keep things in sync).

The mod_nss module attempts to detect the Apache model and use the appropriate
method in NSS. Unfortunately the method used is incorrect.

The code currently calls apm_mpm_query() with AP_MPMQ_IS_FORKED. Both worker and
prefork models return the same value, AP_MPMQ_DYNAMIC.

It instead needs to use AP_MPMQ_MAX_THREADS. This returns 0 for prefork and the
# of threads in the worker model where the # of threads has to be > 0.

Comment 1 Rob Crittenden 2006-10-30 19:25:19 UTC
The diff is:

Index: nss_engine_init.c
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.26
diff -u -r1.26 nss_engine_init.c
--- nss_engine_init.c   26 Oct 2006 18:59:24 -0000      1.26
+++ nss_engine_init.c   30 Oct 2006 19:24:23 -0000
@@ -142,7 +142,7 @@
     SECStatus rv;
     SSLModConfigRec *mc = myModConfig(s);
     SSLSrvConfigRec *sc; 
-    int forked = 0;
+    int threaded = 0;
     char cwd[PATH_MAX];
     sc = mySrvConfig(s);
@@ -207,8 +207,8 @@
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
         "Initializing SSL Session Cache of size %d. SSL2 timeout = %d, SSL3/TLS
timeout = %d.", mc->session_cache_size, mc->session_cache_timeout,
-    ap_mpm_query(AP_MPMQ_IS_FORKED, &forked);
-    if (forked)
+    ap_mpm_query(AP_MPMQ_MAX_THREADS, &threaded);
+    if (!threaded)
         SSL_ConfigMPServerSIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);
         SSL_ConfigServerSessionIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);

Tested on Solaris 9 and Fedora Core 4.

Comment 2 Rob Crittenden 2006-10-30 19:30:58 UTC
I should note that to run the threaded model of Apache run httpd.worker.

Comment 3 Rob Crittenden 2006-10-30 21:12:56 UTC
Checked into tip.

Checking in nss_engine_init.c;
/cvs/dirsec/mod_nss/nss_engine_init.c,v  <--  nss_engine_init.c
new revision: 1.27; previous revision: 1.26

Comment 4 Rob Crittenden 2007-01-10 18:47:59 UTC
This is fixed in fortitude-mod_nss 1.0.6-1

Note You need to log in before you can comment on or make changes to this bug.