Bug 461028 - Admin Server problem with mod_nss and NSS 3.12 on F9
Admin Server problem with mod_nss and NSS 3.12 on F9
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Admin (Show other bugs)
1.1.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
Depends On:
Blocks: 249650 FDS112
  Show dependency treegraph
 
Reported: 2008-09-03 11:07 EDT by Rich Megginson
Modified: 2015-01-04 18:33 EST (History)
3 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-29 19:06:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (12.55 KB, patch)
2008-09-03 11:11 EDT, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rich Megginson 2008-09-03 11:07:26 EDT
The initialization order for NSS has changed with 3.12, introduced in Fedora 9.  mod_nss has changed to accommodate this, but this has broken the admin server.  The admin server needs to do NSS initialization like mod_nss does it.
Comment 1 Rich Megginson 2008-09-03 11:11:16 EDT
Created attachment 315652 [details]
diffs
Comment 2 Rich Megginson 2008-09-03 14:40:07 EDT
Checking in mod_admserv/mod_admserv.c;
/cvs/dirsec/mod_admserv/mod_admserv.c,v  <--  mod_admserv.c
new revision: 1.34; previous revision: 1.33
done

Reviewed by: nkinder (Thanks!)
Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so.  NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process.  Apache provides a hook to do this.  I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it.  Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect".  With the patch, everything works fine.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: no
Comment 3 Jenny Galipeau 2009-03-30 16:43:37 EDT
Is this bug valid for RH DS?
Comment 4 Rich Megginson 2009-03-30 16:53:15 EDT
Yes, because we use NSS 3.12 on all platforms now.
Comment 5 Jenny Galipeau 2009-04-15 15:07:00 EDT
okay - what kind of "strange errors" should I looke for if the Admin Server is started with SSL setup? :-)
Comment 6 Rich Megginson 2009-04-15 15:16:46 EDT
If admin server starts up and works with SSL enabled, then all is well.
Comment 7 Jenny Galipeau 2009-04-15 15:19:32 EDT
okay - I have already done this with RHEL 4 today verifying bug 465822 - Verified.
Comment 8 Chandrasekar Kannan 2009-04-29 19:06:22 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.