The initialization order for NSS has changed with 3.12, introduced in Fedora 9. mod_nss has changed to accommodate this, but this has broken the admin server. The admin server needs to do NSS initialization like mod_nss does it.
Created attachment 315652 [details]
Checking in mod_admserv/mod_admserv.c;
/cvs/dirsec/mod_admserv/mod_admserv.c,v <-- mod_admserv.c
new revision: 1.34; previous revision: 1.33
Reviewed by: nkinder (Thanks!)
Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so. NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process. Apache provides a hook to do this. I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it. Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect". With the patch, everything works fine.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: no
Is this bug valid for RH DS?
Yes, because we use NSS 3.12 on all platforms now.
okay - what kind of "strange errors" should I looke for if the Admin Server is started with SSL setup? :-)
If admin server starts up and works with SSL enabled, then all is well.
okay - I have already done this with RHEL 4 today verifying bug 465822 - Verified.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.