The initialization order for NSS has changed with 3.12, introduced in Fedora 9. mod_nss has changed to accommodate this, but this has broken the admin server. The admin server needs to do NSS initialization like mod_nss does it.
Created attachment 315652 [details] diffs
Checking in mod_admserv/mod_admserv.c; /cvs/dirsec/mod_admserv/mod_admserv.c,v <-- mod_admserv.c new revision: 1.34; previous revision: 1.33 done Reviewed by: nkinder (Thanks!) Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so. NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process. Apache provides a hook to do this. I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it. Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect". With the patch, everything works fine. Platforms tested: Fedora 9 Flag Day: no Doc impact: no
Is this bug valid for RH DS?
Yes, because we use NSS 3.12 on all platforms now.
okay - what kind of "strange errors" should I looke for if the Admin Server is started with SSL setup? :-)
If admin server starts up and works with SSL enabled, then all is well.
okay - I have already done this with RHEL 4 today verifying bug 465822 - Verified.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html