Bug 213081 - mod_nss is incorrectly determining model
mod_nss is incorrectly determining model
Status: MODIFIED
Product: Red Hat Fortitude
Classification: Retired
Component: General (Show other bugs)
1.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rob Crittenden
Ben Levenson
:
Depends On:
Blocks: 180565
  Show dependency treegraph
 
Reported: 2006-10-30 14:23 EST by Rob Crittenden
Modified: 2015-01-04 19:02 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rob Crittenden 2006-10-30 14:23:56 EST
NSS provides 2 mechanisms for the SSL server cache. One is for threaded programs
and one is for forked (to keep things in sync).

The mod_nss module attempts to detect the Apache model and use the appropriate
method in NSS. Unfortunately the method used is incorrect.

The code currently calls apm_mpm_query() with AP_MPMQ_IS_FORKED. Both worker and
prefork models return the same value, AP_MPMQ_DYNAMIC.

It instead needs to use AP_MPMQ_MAX_THREADS. This returns 0 for prefork and the
# of threads in the worker model where the # of threads has to be > 0.
Comment 1 Rob Crittenden 2006-10-30 14:25:19 EST
The diff is:

Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.26
diff -u -r1.26 nss_engine_init.c
--- nss_engine_init.c   26 Oct 2006 18:59:24 -0000      1.26
+++ nss_engine_init.c   30 Oct 2006 19:24:23 -0000
@@ -142,7 +142,7 @@
     SECStatus rv;
     SSLModConfigRec *mc = myModConfig(s);
     SSLSrvConfigRec *sc; 
-    int forked = 0;
+    int threaded = 0;
     char cwd[PATH_MAX];
 
     sc = mySrvConfig(s);
@@ -207,8 +207,8 @@
 
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
         "Initializing SSL Session Cache of size %d. SSL2 timeout = %d, SSL3/TLS
timeout = %d.", mc->session_cache_size, mc->session_cache_timeout,
mc->ssl3_session_cache_timeout);
-    ap_mpm_query(AP_MPMQ_IS_FORKED, &forked);
-    if (forked)
+    ap_mpm_query(AP_MPMQ_MAX_THREADS, &threaded);
+    if (!threaded)
         SSL_ConfigMPServerSIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);
     else
         SSL_ConfigServerSessionIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);

Tested on Solaris 9 and Fedora Core 4.
Comment 2 Rob Crittenden 2006-10-30 14:30:58 EST
I should note that to run the threaded model of Apache run httpd.worker.
Comment 3 Rob Crittenden 2006-10-30 16:12:56 EST
Checked into tip.

Checking in nss_engine_init.c;
/cvs/dirsec/mod_nss/nss_engine_init.c,v  <--  nss_engine_init.c
new revision: 1.27; previous revision: 1.26
done
Comment 4 Rob Crittenden 2007-01-10 13:47:59 EST
This is fixed in fortitude-mod_nss 1.0.6-1

Note You need to log in before you can comment on or make changes to this bug.