[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 46/156: Close the proxy model socket so NSS can be shutdown gracefully. Also correct an error where the PKCS#11 slot isn't closed unless a the certificate key is obtained. This also affected NSS_Shutdown().
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:26 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit 90314a138f7130236bbe5c699a2b5bafe61c779c
Author: rcritten <>
Date: Tue Oct 11 15:01:34 2005 +0000
Close the proxy model socket so NSS can be shutdown gracefully. Also
correct an error where the PKCS#11 slot isn't closed unless a the
certificate key is obtained. This also affected NSS_Shutdown().
---
nss_engine_init.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/nss_engine_init.c b/nss_engine_init.c
index a9ae8d0..6f33db4 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -756,11 +756,11 @@ static void nss_init_server_certs(server_rec *s,
nss_die();
}
- if (mctx->nickname != NULL)
+ if (mctx->nickname != NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Using nickname %s.", mctx->nickname);
-
- mctx->servercert = FindServerCertFromNickname(mctx->nickname);
+ mctx->servercert = FindServerCertFromNickname(mctx->nickname);
+ }
/* Verify the certificate chain. */
if (mctx->servercert != NULL && mctx->as_server) {
@@ -812,8 +812,8 @@ static void nss_init_server_certs(server_rec *s,
if (mctx->servercert) {
mctx->serverkey = PK11_FindPrivateKeyFromCert(slot, mctx->servercert, NULL);
- PK11_FreeSlot(slot);
}
+ PK11_FreeSlot(slot);
if (mctx->as_server && mctx->serverkey == NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
@@ -952,6 +952,16 @@ apr_status_t nss_init_ModuleKill(void *data)
shutdowncache = 1;
}
+ if (sc->proxy_enabled) {
+ if (sc->proxy->servercert != NULL) {
+ CERT_DestroyCertificate(sc->proxy->servercert);
+ SECKEY_DestroyPrivateKey(sc->proxy->serverkey);
+ }
+
+ /* Closing this implicitly cleans up the copy of the certificates
+ * and keys associated with any SSL socket */
+ PR_Close(sc->proxy->model);
+ }
}
if (shutdowncache)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git
More information about the Pkg-fedora-ds-maintainers
mailing list