[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 46/156: Close the proxy model socket so NSS can be shutdown gracefully. Also correct an error where the PKCS#11 slot isn't closed unless a the certificate key is obtained. This also affected NSS_Shutdown().

Timo Aaltonen tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:26 UTC 2014


This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 90314a138f7130236bbe5c699a2b5bafe61c779c
Author: rcritten <>
Date:   Tue Oct 11 15:01:34 2005 +0000

    Close the proxy model socket so NSS can be shut down gracefully. Also
    correct an error where the PKCS#11 slot isn't closed unless the
    certificate key is obtained. This also affected NSS_Shutdown().
---
 nss_engine_init.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/nss_engine_init.c b/nss_engine_init.c
index a9ae8d0..6f33db4 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -756,11 +756,11 @@ static void nss_init_server_certs(server_rec *s,
         nss_die();
     }
 
-    if (mctx->nickname != NULL)
+    if (mctx->nickname != NULL) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
              "Using nickname %s.", mctx->nickname);
-
-    mctx->servercert = FindServerCertFromNickname(mctx->nickname);
+        mctx->servercert = FindServerCertFromNickname(mctx->nickname);
+    }
 
     /* Verify the certificate chain. */
     if (mctx->servercert != NULL && mctx->as_server) {
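Review bot: When `mctx->nickname` is NULL, `mctx->servercert` is no longer assigned at all, so the chain verification just below depends on the field having been initialised to NULL outside this hunk. If the context constructor guarantees that, a comment inside the new braces such as `/* servercert stays NULL when no nickname is configured */` would record the assumption. For a context with `as_server` set, a missing nickname also seems to deserve an explicit log line at this point rather than a silent fall-through. The body of nss_init_server_certs starts and ends outside the hunk, so the initialisation cannot be confirmed from here.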
@@ -812,8 +812,8 @@ static void nss_init_server_certs(server_rec *s,
     
     if (mctx->servercert) {
         mctx->serverkey = PK11_FindPrivateKeyFromCert(slot, mctx->servercert, NULL);
-        PK11_FreeSlot(slot);
     }
+    PK11_FreeSlot(slot);
 
     if (mctx->as_server && mctx->serverkey == NULL) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
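Review bot: The now-unconditional `PK11_FreeSlot(slot)` runs even when no certificate was found, and as far as I know PK11_FreeSlot does no NULL check of its own, so it is only safe if the slot lookup is validated before this point. The slot is acquired outside the hunk; if that check is missing, guard the call with `if (slot != NULL) PK11_FreeSlot(slot);`. Separately, `mctx->serverkey` is left unassigned when `mctx->servercert` is NULL, so the `serverkey == NULL` test below also relies on earlier initialisation.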
@@ -952,6 +952,16 @@ apr_status_t nss_init_ModuleKill(void *data)
 
             shutdowncache = 1;
         }
+        if (sc->proxy_enabled) {
+            if (sc->proxy->servercert != NULL) {
+                CERT_DestroyCertificate(sc->proxy->servercert);
+                SECKEY_DestroyPrivateKey(sc->proxy->serverkey);
+            }
+
+            /* Closing this implicitly cleans up the copy of the certificates
+             * and keys associated with any SSL socket */
+            PR_Close(sc->proxy->model);
+        }
     }
 
     if (shutdowncache) 
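Review bot: In the added proxy cleanup, `sc->proxy->serverkey` is released under the `servercert != NULL` guard, and none of the three released fields is cleared afterwards, so the structure keeps dangling pointers to a certificate, a private key and a closed socket. If this kill hook can run again, or if two server records in the enclosing loop share the same proxy context, the second pass would free them twice. `sc->proxy->model` is also passed to `PR_Close` with no NULL check, which matters if proxy initialisation can fail before the model socket exists. Giving each field its own guard and setting it to NULL after release closes all three gaps. The loop and the rest of nss_init_ModuleKill lie outside the hunk, so whether contexts are shared is inferred, not visible.

```c
        if (sc->proxy_enabled) {
            if (sc->proxy->servercert != NULL) {
                CERT_DestroyCertificate(sc->proxy->servercert);
                sc->proxy->servercert = NULL;
            }
            if (sc->proxy->serverkey != NULL) {
                SECKEY_DestroyPrivateKey(sc->proxy->serverkey);
                sc->proxy->serverkey = NULL;
            }

            /* ... unchanged: comment on implicit cleanup of socket copies ... */
            if (sc->proxy->model != NULL) {
                PR_Close(sc->proxy->model);
                sc->proxy->model = NULL;
            }
        }
```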

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git


