Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31338
Modified Files:
nss_engine_init.c
Log Message:
Initialize the NSS cache before NSS_Init is called. A race condition
was being triggered during the first module unload when calling
NSS_Shutdown because the cache wasn't finished setting itself up
in MP mode.
Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- nss_engine_init.c 2 Aug 2006 18:59:12 -0000 1.22
+++ nss_engine_init.c 24 Aug 2006 15:50:20 -0000 1.23
@@ -205,6 +205,14 @@
/* Set the PKCS #11 strings for the internal token. */
PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1);
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "Initializing SSL Session Cache of size %d. SSL2 timeout = %d, SSL3/TLS
timeout = %d.", mc->session_cache_size, mc->session_cache_timeout,
mc->ssl3_session_cache_timeout);
+ ap_mpm_query(AP_MPMQ_IS_FORKED, &forked);
+ if (forked)
+ SSL_ConfigMPServerSIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);
+ else
+ SSL_ConfigServerSessionIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);
+
/* We need to be in the same directory as libnssckbi.so to load the
* root certificates properly.
*/
@@ -268,14 +276,6 @@
nss_die();
}
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Initializing SSL Session Cache of size %d. SSL2 timeout = %d, SSL3/TLS
timeout = %d.", mc->session_cache_size, mc->session_cache_timeout,
mc->ssl3_session_cache_timeout);
- ap_mpm_query(AP_MPMQ_IS_FORKED, &forked);
- if (forked)
- SSL_ConfigMPServerSIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);
- else
- SSL_ConfigServerSessionIDCache(mc->session_cache_size, (PRUint32)
mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL);
-
if (ocspenabled) {
CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,