Bug 461028 - Admin Server problem with mod_nss and NSS 3.12 on F9
Admin Server problem with mod_nss and NSS 3.12 on F9
Product: 389
Classification: Community
Component: Admin (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
Depends On:
Blocks: 249650 FDS112
  Show dependency treegraph
Reported: 2008-09-03 11:07 EDT by Rich Megginson
Modified: 2015-01-04 18:33 EST (History)
3 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-29 19:06:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
diffs (12.55 KB, patch)
2008-09-03 11:11 EDT, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rich Megginson 2008-09-03 11:07:26 EDT
The initialization order for NSS has changed with 3.12, introduced in Fedora 9.  mod_nss has changed to accommodate this, but this has broken the admin server.  The admin server needs to do NSS initialization like mod_nss does it.
Comment 1 Rich Megginson 2008-09-03 11:11:16 EDT
Created attachment 315652 [details]
Comment 2 Rich Megginson 2008-09-03 14:40:07 EDT
Checking in mod_admserv/mod_admserv.c;
/cvs/dirsec/mod_admserv/mod_admserv.c,v  <--  mod_admserv.c
new revision: 1.34; previous revision: 1.33

Reviewed by: nkinder (Thanks!)
Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so.  NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process.  Apache provides a hook to do this.  I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it.  Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect".  With the patch, everything works fine.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: no
Comment 3 Jenny Galipeau 2009-03-30 16:43:37 EDT
Is this bug valid for RH DS?
Comment 4 Rich Megginson 2009-03-30 16:53:15 EDT
Yes, because we use NSS 3.12 on all platforms now.
Comment 5 Jenny Galipeau 2009-04-15 15:07:00 EDT
okay - what kind of "strange errors" should I looke for if the Admin Server is started with SSL setup? :-)
Comment 6 Rich Megginson 2009-04-15 15:16:46 EDT
If admin server starts up and works with SSL enabled, then all is well.
Comment 7 Jenny Galipeau 2009-04-15 15:19:32 EDT
okay - I have already done this with RHEL 4 today verifying bug 465822 - Verified.
Comment 8 Chandrasekar Kannan 2009-04-29 19:06:22 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.