Bug 461028 - Admin Server problem with mod_nss and NSS 3.12 on F9
Summary: Admin Server problem with mod_nss and NSS 3.12 on F9
Alias: None
Product: 389
Classification: Retired
Component: Admin
Version: 1.1.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 249650 FDS112
TreeView+ depends on / blocked
Reported: 2008-09-03 15:07 UTC by Rich Megginson
Modified: 2015-01-04 23:33 UTC (History)
3 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-04-29 23:06:22 UTC

Attachments (Terms of Use)
diffs (12.55 KB, patch)
2008-09-03 15:11 UTC, Rich Megginson
no flags Details | Diff

Description Rich Megginson 2008-09-03 15:07:26 UTC
The initialization order for NSS has changed with 3.12, introduced in Fedora 9.  mod_nss has changed to accommodate this, but this has broken the admin server.  The admin server needs to do NSS initialization like mod_nss does it.

Comment 1 Rich Megginson 2008-09-03 15:11:16 UTC
Created attachment 315652 [details]

Comment 2 Rich Megginson 2008-09-03 18:40:07 UTC
Checking in mod_admserv/mod_admserv.c;
/cvs/dirsec/mod_admserv/mod_admserv.c,v  <--  mod_admserv.c
new revision: 1.34; previous revision: 1.33

Reviewed by: nkinder (Thanks!)
Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so.  NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process.  Apache provides a hook to do this.  I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it.  Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect".  With the patch, everything works fine.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: no

Comment 3 Jenny Severance 2009-03-30 20:43:37 UTC
Is this bug valid for RH DS?

Comment 4 Rich Megginson 2009-03-30 20:53:15 UTC
Yes, because we use NSS 3.12 on all platforms now.

Comment 5 Jenny Severance 2009-04-15 19:07:00 UTC
okay - what kind of "strange errors" should I looke for if the Admin Server is started with SSL setup? :-)

Comment 6 Rich Megginson 2009-04-15 19:16:46 UTC
If admin server starts up and works with SSL enabled, then all is well.

Comment 7 Jenny Severance 2009-04-15 19:19:32 UTC
okay - I have already done this with RHEL 4 today verifying bug 465822 - Verified.

Comment 8 Chandrasekar Kannan 2009-04-29 23:06:22 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.