[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 128/156: Clarify the error messages to distinguish between server and proxy
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:35 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit 2a8b28143b44282939b432fc155b74d847044885
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 11 18:45:01 2013 -0400
Clarify the error messages to distinguish between server and proxy
Help clarify the error messages which didn't previously distinguish
between the following three variables:
NSSProtocol versus NSSProxyProtocol,
NSSCipherSuite versus NSSProxyCipherSuite, and
NSSNickname versus NSSProxyNickname
Ported from BZ 769906
---
nss_engine_init.c | 42 ++++++++++++++++++++++++++++++++++++++----
1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/nss_engine_init.c b/nss_engine_init.c
index 0e584cb..283468f 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -903,8 +903,25 @@ static void nss_init_ctx_cipher_suite(server_rec *s,
* Configure SSL Cipher Suite
*/
if (!suite) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Required value NSSCipherSuite not set.");
+ /*
+ * Since this is a 'fatal' error, regardless of whether this
+ * particular invocation is from a 'server' object or a 'proxy'
+ * object, issue all error message(s) as appropriate.
+ */
+ if ((mctx->sc->enabled == TRUE) &&
+ (mctx->sc->server) &&
+ (!mctx->sc->server->auth.cipher_suite)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "NSSEngine on; required value NSSCipherSuite not set.");
+ }
+
+ if ((mctx->sc->proxy_enabled == TRUE) &&
+ (mctx->sc->proxy) &&
+ (!mctx->sc->proxy->auth.cipher_suite)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "NSSProxyEngine on; required value NSSProxyCipherSuite not set.");
+ }
+
nss_die();
}
@@ -1206,8 +1223,25 @@ static void nss_init_server_certs(server_rec *s,
if (mctx->nickname == NULL)
#endif
{
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "No certificate nickname provided.");
+ /*
+ * Since this is a 'fatal' error, regardless of whether this
+ * particular invocation is from a 'server' object or a 'proxy'
+ * object, issue all error message(s) as appropriate.
+ */
+ if ((mctx->sc->enabled == TRUE) &&
+ (mctx->sc->server) &&
+ (mctx->sc->server->nickname == NULL)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "NSSEngine on; no certificate nickname provided by NSSNickname.");
+ }
+
+ if ((mctx->sc->proxy_enabled == TRUE) &&
+ (mctx->sc->proxy) &&
+ (mctx->sc->proxy->nickname == NULL)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "NSSProxyEngine on; no certificate nickname provided by NSSProxyNickname.");
+ }
+
nss_die();
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git
More information about the Pkg-fedora-ds-maintainers
mailing list