Author: rcritten
Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14785
Modified Files: nss_engine_init.c Log Message: 212426
Don't fire up the NSS engine if SSL isn't enabled.
Index: nss_engine_init.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- nss_engine_init.c 20 Oct 2006 15:23:39 -0000 1.25 +++ nss_engine_init.c 26 Oct 2006 18:59:24 -0000 1.26 @@ -134,10 +134,8 @@ /* * Initialize SSL library * - * If sslenabled is not set then there is no need to prompt for the token - * passwords. */ -static void nss_init_SSLLibrary(server_rec *s, int sslenabled, int fipsenabled, +static void nss_init_SSLLibrary(server_rec *s, int fipsenabled, int ocspenabled, int ocspdefault, const char * ocspurl, const char *ocspname) { @@ -153,7 +151,7 @@ "Init: %snitializing NSS library", mc->nInitCount == 1 ? "I" : "Re-i");
/* Do we need to fire up our password helper? */ - if (mc->nInitCount == 1 && sslenabled) { + if (mc->nInitCount == 1) { const char * child_argv[4]; apr_status_t rv;
@@ -237,7 +235,7 @@ }
/* Assuming everything is ok so far, check the cert database password(s). */ - if (sslenabled && (rv != SECSuccess)) { + if (rv != SECSuccess) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration"); @@ -262,7 +260,7 @@ } /* FIPS is already enabled, nothing to do */ }
- if (sslenabled && (nss_Init_Tokens(s) != SECSuccess)) { + if (nss_Init_Tokens(s) != SECSuccess) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration"); @@ -396,6 +394,10 @@ sc->enabled = FALSE; }
+ if (sc->proxy_enabled == UNSET) { + sc->proxy_enabled = FALSE; + } + if (sc->fips == TRUE) { fipsenabled = TRUE; } @@ -404,14 +406,10 @@ ocspenabled = TRUE; }
- if (sc->enabled == TRUE) { + if ((sc->enabled == TRUE) || (sc->proxy_enabled == TRUE)) { sslenabled = TRUE; }
- if (sc->proxy_enabled == UNSET) { - sc->proxy_enabled = FALSE; - } - if (sc->ocsp_default == TRUE) { ocspdefault = TRUE; ocspurl = sc->ocsp_url; @@ -424,7 +422,10 @@ } }
- nss_init_SSLLibrary(base_server, sslenabled, fipsenabled, ocspenabled, + if (sslenabled == FALSE) + return OK; + + nss_init_SSLLibrary(base_server, fipsenabled, ocspenabled, ocspdefault, ocspurl, ocspname); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "done Init: Initializing NSS library"); @@ -1083,7 +1084,8 @@
/* Closing this implicitly cleans up the copy of the certificates * and keys associated with any SSL socket */ - PR_Close(sc->server->model); + if (sc->server->model) + PR_Close(sc->server->model);
shutdown = 1; } @@ -1095,7 +1097,8 @@
/* Closing this implicitly cleans up the copy of the certificates * and keys associated with any SSL socket */ - PR_Close(sc->proxy->model); + if (sc->proxy->model) + PR_Close(sc->proxy->model);
shutdown = 1; }
389-commits@lists.fedoraproject.org