SOURCES: apache-mod_nss-config.patch - our cert is not valid, allow default...

glen glen at pld-linux.org
Fri Oct 3 22:53:23 CEST 2008


Author: glen                         Date: Fri Oct  3 20:53:23 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- our cert is not valid, allow default config to run

---- Files affected:
SOURCES:
   apache-mod_nss-config.patch (1.3 -> 1.4) 

---- Diffs:

================================================================
Index: SOURCES/apache-mod_nss-config.patch
diff -u SOURCES/apache-mod_nss-config.patch:1.3 SOURCES/apache-mod_nss-config.patch:1.4
--- SOURCES/apache-mod_nss-config.patch:1.3	Tue Jun 17 08:38:10 2008
+++ SOURCES/apache-mod_nss-config.patch	Fri Oct  3 22:53:17 2008
@@ -1,19 +1,21 @@
-diff -U2 mod_nss-1.0.7/nss.conf.in mod_nss-1.0.7/nss.conf.in
---- mod_nss-1.0.7/nss.conf.in	2008-06-17 09:14:46.944230209 +0300
-+++ mod_nss-1.0.7/nss.conf.in	2008-06-17 09:37:06.875135679 +0300
-@@ -1,3 +1,4 @@
+--- mod_nss-1.0.8/nss.conf.in~	2006-10-20 18:23:39.000000000 +0300
++++ mod_nss-1.0.8/nss.conf.in	2008-10-03 23:49:38.490473661 +0300
+@@ -1,4 +1,5 @@
 -#
 +LoadModule nss_module	modules/libmodnss.so
 +
  # This is the Apache server configuration file providing SSL support using.
  # the mod_nss plugin.  It contains the configuration directives to instruct
-@@ -9,4 +10,5 @@
+ # the server how to serve pages over an https connection.
+@@ -8,14 +9,15 @@
+ # consult the online docs. You have been warned.  
  #
  
 +<IfModule mod_nss.c>
  #
  # When we also provide SSL we have to listen to the 
-@@ -15,5 +17,5 @@
+ # standard HTTP port (see above) and to the HTTPS port
+ #
  # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
 -#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
 +#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
@@ -21,7 +23,10 @@
 -Listen 443
 +Listen 8443
  
-@@ -69,15 +71,15 @@
+ ##
+ ##  SSL Global Context
+@@ -68,17 +70,17 @@
+ ## SSL Virtual Host Context
  ##
  
 -<VirtualHost _default_:443>
@@ -42,19 +47,42 @@
 +#TransferLog logs/access_log
  LogLevel warn
  
-@@ -114,5 +116,5 @@
+ #   SSL Engine Switch:
+@@ -113,7 +115,7 @@
+ #   The NSS security database directory that holds the certificates and
  #   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
  #   Provide the directory that these files exist.
 -NSSCertificateDatabase @apache_conf@
 +NSSCertificateDatabase @apache_conf@/nss
  
  #   Database Prefix:
-@@ -190,5 +192,5 @@
+ #   In order to be able to store multiple NSS databases in one directory
+@@ -126,6 +128,14 @@
+ #   require.
+ #NSSVerifyClient none
+ 
++
++#   By default mod_nss will not start up if the server certificate is not
++#   valid. This means that if the certificate has expired or is signed by a CA
++#   that is not trusted in the NSS certificate database the server will not
++#   start.
++#   Not enforcing a valid server certificate is not recommended.
++NSSEnforceValidCerts off
++
+ #
+ #   Online Certificate Status Protocol (OCSP).
+ #   Verify that certificates have not been revoked before accepting them.
+@@ -189,7 +199,7 @@
+ <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      NSSOptions +StdEnvVars
  </Files>
 -<Directory "@apache_prefix@/cgi-bin">
 +<Directory "/home/services/httpd/cgi-bin">
      NSSOptions +StdEnvVars
  </Directory>
-@@ -203,0 +206 @@
+ 
+@@ -201,3 +211,4 @@
+ 
+ </VirtualHost>                                  
+ 
 +</IfModule>
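Review bot: The added `NSSEnforceValidCerts off` ships as the packaged default, so every installation keeps starting even when its server certificate is expired or signed by a CA the NSS database does not trust, and nothing in the added comment says why the package overrides the upstream default or when to undo it. The log message suggests the override exists only because the certificate shipped or generated with the package fails validation. If so, I would say that in the config itself, e.g. `#   Packaging default: disabled only so the stock configuration starts with the initial certificate; set to "on" once a valid server certificate is installed.` With enforcement off, an expired certificate no longer shows up as a startup failure, so it is worth mentioning that expiry has to be monitored some other way. The directive sits inside the VirtualHost section, which opens outside this hunk.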
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/apache-mod_nss-config.patch?r1=1.3&r2=1.4&f=u


