[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 19/156: Add NSS database prefix support
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:23 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit e882f3002bf2791b056ef7fcd98bc72a9518b1e1
Author: rcritten <>
Date: Wed Jun 29 22:28:10 2005 +0000
Add NSS database prefix support
---
mod_nss.c | 3 +++
mod_nss.h | 2 ++
nss.conf.in | 12 +++++++++---
nss_engine_config.c | 12 ++++++++++++
nss_engine_init.c | 25 +++++++++++++++++++------
nss_pcache.c | 6 +++---
6 files changed, 48 insertions(+), 12 deletions(-)
diff --git a/mod_nss.c b/mod_nss.c
index 131b436..7ae5311 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -41,6 +41,9 @@ static const command_rec nss_config_cmds[] = {
SSL_CMD_SRV(CertificateDatabase, TAKE1,
"SSL Server Certificate database "
"(`/path/to/file'")
+ SSL_CMD_SRV(DBPrefix, TAKE1,
+ "NSS Database prefix (optional) "
+ "(`my-prefix-'")
SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
"SSL 2 Session Cache object lifetime "
"(`N' - number of seconds)")
diff --git a/mod_nss.h b/mod_nss.h
index c43e7e1..0813542 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -202,6 +202,7 @@ typedef struct {
int nInitCount;
apr_pool_t *pPool;
const char *pCertificateDatabase;
+ const char *pDBPrefix;
/* config for SSL session cache */
int session_cache_size;
@@ -312,6 +313,7 @@ void *nss_config_server_create(apr_pool_t *p, server_rec *s);
void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv);
const char *nss_cmd_NSSEngine(cmd_parms *, void *, int);
const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSDBPrefix(cmd_parms *cmd, void *dcfg, const char *arg);
const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg);
const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
diff --git a/nss.conf.in b/nss.conf.in
index 77b46df..6cefa04 100644
--- a/nss.conf.in
+++ b/nss.conf.in
@@ -61,9 +61,9 @@ NSSSession3CacheTimeout 86400
#ServerName www.example.com:443
#ServerAdmin you at example.com
-# mod_ssl logs to separate log files, you can choose to do that if you'd like
-ErrorLog @apache_prefix@/logs/error_log
-TransferLog @apache_prefix@/logs/access_log
+# mod_nss can log to separate log files, you can choose to do that if you'd like
+#ErrorLog @apache_prefix@/logs/error_log
+#TransferLog @apache_prefix@/logs/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
@@ -86,6 +86,12 @@ NSSNickname Server-Cert
# Provide the directory that these files exist.
NSSCertificateDatabase @apache_conf@
+# Database Prefix:
+# In order to be able to store multiple NSS databases in one directory
+# they need unique names. This option sets the database prefix used for
+# cert8.db and key3.db.
+#NSSDBPrefix my-prefix-
+
# Client Authentication (Type):
# Client certificate verification type. Types are none, optional and
# require.
diff --git a/nss_engine_config.c b/nss_engine_config.c
index ee18f64..3600bc9 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -45,6 +45,7 @@ SSLModConfigRec *nss_config_global_create(server_rec *s)
*/
mc->nInitCount = 0;
mc->pCertificateDatabase = NULL;
+ mc->pDBPrefix = NULL;
mc->session_cache_size = UNSET;
mc->session_cache_timeout = UNSET;
mc->ssl3_session_cache_timeout = UNSET;
@@ -273,6 +274,17 @@ const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd,
return NULL;
}
+const char *nss_cmd_NSSDBPrefix(cmd_parms *cmd,
+ void *dcfg,
+ const char *arg)
+{
+ SSLModConfigRec *mc = myModConfig(cmd->server);
+
+ mc->pDBPrefix = arg;
+
+ return NULL;
+}
+
const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd,
void *dcfg,
const char *arg)
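Review bot: nss_cmd_NSSDBPrefix stores `arg` unchecked in the module-wide `mc` record, although the directive is registered with SSL_CMD_SRV, so a value set inside one virtual host appears to apply to every server, with the last occurrence winning. A short comment on the handler would make that explicit, for example `/* Module-wide: the prefix applies to the single NSS database shared by all vhosts. */`. Going by the nss.conf.in text, the value is a file-name prefix for cert8.db and key3.db. If so, rejecting an empty value or one containing a path separator would keep the opened files inside NSSCertificateDatabase, for example `if (strchr(arg, '/')) return "NSSDBPrefix must not contain a path separator";`.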
diff --git a/nss_engine_init.c b/nss_engine_init.c
index 94f00af..a73e463 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -98,17 +98,23 @@ static void nss_add_version_components(apr_pool_t *p,
/*
* Initialize SSL library
+ *
+ * If sslenabled is not set then there is no need to prompt for the token
+ * passwords.
*/
-static void nss_init_SSLLibrary(server_rec *s)
+static void nss_init_SSLLibrary(server_rec *s, int sslenabled)
{
SECStatus rv;
SSLModConfigRec *mc = myModConfig(s);
+ SSLSrvConfigRec *sc;
+
+ sc = mySrvConfig(s);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: %snitializing NSS library", mc->nInitCount == 1 ? "I" : "Re-i");
/* Do we need to fire up our password helper? */
- if (mc->nInitCount == 1) {
+ if (mc->nInitCount == 1 && sslenabled) {
const char * child_argv[3];
apr_status_t rv;
@@ -121,7 +127,8 @@ static void nss_init_SSLLibrary(server_rec *s)
child_argv[0] = mc->pphrase_dialog_helper;
child_argv[1] = mc->pCertificateDatabase;
- child_argv[2] = NULL;
+ child_argv[2] = mc->pDBPrefix;
+ child_argv[3] = NULL;
rv = apr_procattr_create(&mc->procattr, mc->pPool);
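Review bot: The added `child_argv[3] = NULL;` writes one element past the end of the array, which is still declared as `const char * child_argv[3];` in the context of the previous hunk. That is an out-of-bounds stack write (undefined behaviour) on the path that starts the password helper. The declaration needs to grow with the new argument: `const char * child_argv[4];`. When `mc->pDBPrefix` is NULL, slot 2 already terminates the vector, so the helper still sees only the directory argument. The enclosing function starts and ends outside this hunk.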
@@ -165,10 +172,10 @@ static void nss_init_SSLLibrary(server_rec *s)
PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1);
/* Initialize NSS and open the certificate database read-only. */
- rv = NSS_Initialize(mc->pCertificateDatabase, NULL, NULL, "secmod.db", NSS_INIT_READONLY);
+ rv = NSS_Initialize(mc->pCertificateDatabase, mc->pDBPrefix, mc->pDBPrefix, "secmod.db", NSS_INIT_READONLY);
/* Assuming everything is ok so far, check the cert database password(s). */
- if (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess) {
+ if (sslenabled && (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess)) {
NSS_Shutdown();
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration");
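Review bot: A failed `NSS_Initialize` is no longer detected when `sslenabled` is 0, because the whole condition is now gated on that flag rather than only the token-password check. The code after this block is outside the hunk, but it would presumably continue with an uninitialized library and no log entry. Gating only the token step keeps the failure visible: `if (rv != SECSuccess || (sslenabled && nss_Init_Tokens(s) != SECSuccess)) {`. If starting without a usable database is intended when no virtual host enables SSL, that case should still be logged. The error message also names only the directory; now that a prefix selects the files, including `mc->pDBPrefix` would make a wrong prefix easier to diagnose.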
@@ -197,6 +204,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog,
SSLModConfigRec *mc = myModConfig(base_server);
SSLSrvConfigRec *sc;
server_rec *s;
+ int sslenabled = FALSE;
mc->nInitCount++;
@@ -259,12 +267,16 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog,
sc->enabled = FALSE;
}
+ if (sc->enabled == TRUE) {
+ sslenabled = TRUE;
+ }
+
if (sc->proxy_enabled == UNSET) {
sc->proxy_enabled = FALSE;
}
}
- nss_init_SSLLibrary(base_server);
+ nss_init_SSLLibrary(base_server, sslenabled);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"done Init: Initializing NSS library");
@@ -294,6 +306,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog,
nss_init_ConfigureServer(s, p, ptemp, sc);
}
+
/*
* Announce mod_ssl and SSL library in HTTP Server field
* as ``mod_ssl/X.X.X OpenSSL/X.X.X''
diff --git a/nss_pcache.c b/nss_pcache.c
index 5912c02..9baa829 100644
--- a/nss_pcache.c
+++ b/nss_pcache.c
@@ -297,8 +297,8 @@ int main(int argc, char ** argv)
char * tokenName;
char * tokenpw;
- if (argc != 2) {
- fprintf(stderr, "Usage: nss_pcache <directory>\n");
+ if (argc < 2 || argc > 3) {
+ fprintf(stderr, "Usage: nss_pcache <directory> <prefix>\n");
exit(1);
}
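Review bot: The usage text shows `<prefix>` as mandatory, while the new check `argc < 2 || argc > 3` accepts the call without it. The conventional spelling for an optional argument is `"Usage: nss_pcache <directory> [prefix]\n"`. The second hunk of this file, the `NSS_Initialize` call, passes `argv[2]` to NSS as given. The check on `rv` lies outside the visible lines, so it is worth confirming that the helper exits with a clear error when the prefixed database cannot be opened. `main` continues outside both hunks.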
@@ -309,7 +309,7 @@ int main(int argc, char ** argv)
PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1);
/* Initialize NSS and open the certificate database read-only. */
- rv = NSS_Initialize(argv[1], NULL, NULL, "secmod.db", NSS_INIT_READONLY);
+ rv = NSS_Initialize(argv[1], argc == 3 ? argv[2] : NULL, argc == 3 ? argv[2] : NULL, "secmod.db", NSS_INIT_READONLY);
in = PR_GetSpecialFD(PR_StandardInput);
out = PR_GetSpecialFD(PR_StandardOutput);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git