[Fedora-directory-commits] adminutil/lib/libadminutil distadm.c, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminutil/lib/libadminutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26058/adminutil/lib/libadminutil
Modified Files:
distadm.c
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: distadm.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/distadm.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- distadm.c 20 Jul 2005 22:51:32 -0000 1.1.1.1
+++ distadm.c 29 Sep 2005 22:10:15 -0000 1.2
@@ -141,9 +141,6 @@
static char *pass = ADM_NOT_INITIALIZED;
static char *auth = ADM_NOT_INITIALIZED;
static char *userDN = ADM_NOT_INITIALIZED;
-#ifdef FORTEZZA
-static char *pin = ADM_NOT_INITIALIZED;
-#endif /* FORTEZZA */
/* The function to use when reading the stuff from the pipe */
#ifdef XP_WIN32
@@ -250,18 +247,6 @@
}
}
-#ifdef FORTEZZA
- head = tail;
- tail = PL_strchr(head, '\n');
- *tail++ = '\0';
- if(!PL_strncmp(head, ADM_PIN_STRING, PL_strlen(ADM_PIN_STRING))) {
- pin = PL_strdup(&(head[PL_strlen(ADM_PIN_STRING)]));
- if(!PL_strcmp(pin, ADM_NO_VALUE_STRING)) {
- pin = NULL;
- }
- }
-#endif /* FORTEZZA */
-
head = tail;
tail = PL_strchr(head, '\n');
*tail++ = '\0';
@@ -348,20 +333,3 @@
*userdn = userDN;
return 0;
}
-
-#ifdef FORTEZZA
-PR_IMPLEMENT(int)
-ADM_GetPinString(int *errcode, char **pinstr)
-{
- int err;
-
- if((pin) && (!PL_strcmp(pin, ADM_NOT_INITIALIZED))) {
- if(ADM_InitializePermissions(&err)) {
- *errcode = err;
- return -1;
- }
- }
- *pinstr = pin;
- return 0;
-}
-#endif /* FORTEZZA */
18 years, 2 months
[Fedora-directory-commits] adminutil/include/libadminutil admutil.h, 1.1.1.1, 1.2 distadm.h, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminutil/include/libadminutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26058/adminutil/include/libadminutil
Modified Files:
admutil.h distadm.h
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: admutil.h
===================================================================
RCS file: /cvs/dirsec/adminutil/include/libadminutil/admutil.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- admutil.h 20 Jul 2005 22:51:31 -0000 1.1.1.1
+++ admutil.h 29 Sep 2005 22:10:10 -0000 1.2
@@ -46,11 +46,6 @@
#define BIG_LINE 1024
#endif
-#ifdef FORTEZZA
-#ifndef ADM_PIN_STRING
-#define ADM_PIN_STRING "Pin: "
-#endif
-#endif /* FORTEZZA */
/* safs/cgi.h */
#ifdef __cplusplus
Index: distadm.h
===================================================================
RCS file: /cvs/dirsec/adminutil/include/libadminutil/distadm.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- distadm.h 20 Jul 2005 22:51:31 -0000 1.1.1.1
+++ distadm.h 29 Sep 2005 22:10:10 -0000 1.2
@@ -84,10 +84,6 @@
/* distadm.c */
PR_IMPLEMENT(int) ADM_GetUserDNString(int *errcode, char **userdn);
-#ifdef FORTEZZA
-PR_IMPLEMENT(int) ADM_GetPinString(int *errcode, char **pinstr);
-#endif /* FORTEZZA */
-
#ifdef __cplusplus
}
#endif
18 years, 2 months
[Fedora-directory-commits] adminutil nsdefs.mk, 1.1.1.1, 1.2 pkgadminutil.mk, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26058/adminutil
Modified Files:
nsdefs.mk pkgadminutil.mk
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: nsdefs.mk
===================================================================
RCS file: /cvs/dirsec/adminutil/nsdefs.mk,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- nsdefs.mk 20 Jul 2005 22:51:31 -0000 1.1.1.1
+++ nsdefs.mk 29 Sep 2005 22:10:09 -0000 1.2
@@ -62,11 +62,6 @@
else
BUILD_PTHREADS=
endif
-ifdef FORTEZZA
-BUILD_FORTEZZA=fortezza
-else
-BUILD_FORTEZZA=normal
-endif
ifeq ($(USE_64), 1)
NS64TAG = _64
@@ -212,7 +207,6 @@
echo BUILD_MODULE=$(BUILD_MODULE)
echo BUILD_SECURITY=$(BUILD_SECURITY)
echo BUILD_DEBUG=$(BUILD_DEBUG)
-echo BUILD_FORTEZZA=$(BUILD_FORTEZZA)
echo BUILD_NSPR_THREADS=$(BUILD_NSPR_THREADS)
echo BUILD_BOMB=$(BUILD_BOMB)
echo BUILD_DLL_VERSION=$(BUILD_DLL_VERSION)
@@ -228,7 +222,6 @@
ARCH=$(BUILD_ARCH)
SECURITY=$(BUILD_SECURITY)
DEBUG=$(BUILD_DEBUG)
-B_FORTEZZA=$(BUILD_FORTEZZA)
BOMB=$(BUILD_BOMB)
NSPR_THREADS=$(BUILD_NSPR_THREADS)
BUILD_DLL=$(BUILD_DLL_VERSION)
@@ -255,7 +248,7 @@
#
ifndef OBJDIR
-OBJDIR=$(ABS_ROOT)/built/$(NSPLATFORM_ID)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)
+OBJDIR=$(ABS_ROOT)/built/$(FULL_RTL_OBJDIR)
endif
ifndef COMMON_OBJDIR
Index: pkgadminutil.mk
===================================================================
RCS file: /cvs/dirsec/adminutil/pkgadminutil.mk,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- pkgadminutil.mk 20 Jul 2005 22:51:31 -0000 1.1.1.1
+++ pkgadminutil.mk 29 Sep 2005 22:10:09 -0000 1.2
@@ -25,28 +25,18 @@
BUILD_ROOT:=.
include $(BUILD_ROOT)/nsdefs.mk
+include $(BUILD_ROOT)/nsconfig.mk
MKDIR=mkdir -p
# Destination directories for package
-ifeq ($(USE_PTHREADS), 1)
- PKGDIR_NAME=$(NSPLATFORM_ID)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)
- PKGTOP=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
- PKGDIR=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
-else
- PKGDIR_NAME=$(NSPLATFORM_ID)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)
- PKGTOP=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
- PKGDIR=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
-endif
+PKGDIR_NAME=$(FULL_RTL_OBJDIR)
+PKGTOP=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
+PKGDIR=$(PKGTOP)
ifdef BUILD_INTL
-ifeq ($(USE_PTHREADS), 1)
- PKGDIR_NAME=$(NSPLATFORM_ID)-$(SECURITY)-intl-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)
- PKGTOP=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
-else
- PKGDIR_NAME=$(NSPLATFORM_ID)-$(SECURITY)-intl-$(DEBUG)-$(B_FORTEZZA)
- PKGTOP=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
-endif
+PKGDIR_NAME+=-intl
+PKGTOP=$(ABS_ROOT)/built/adminutil/$(PKGDIR_NAME)
PKGDIR=$(PKGTOP)
endif
18 years, 2 months
[Fedora-directory-commits] setuputil/installer/test Makefile, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/test
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25947/setuputil/installer/test
Modified Files:
Makefile
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/test/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ Makefile 29 Sep 2005 22:09:13 -0000 1.2
@@ -28,9 +28,9 @@
include $(BUILD_ROOT)/nsdefs.mk
ifneq ($(ARCH), WINNT)
-PKGTOP=$(BUILD_ROOT)/built/package/$(ARCH)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)/installer
+PKGTOP=$(BUILD_ROOT)/built/package/$(PLATFORM_DEST)/installer
else
-PKGTOP=$(BUILD_ROOT)/built/package/$(ARCH)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)/setup
+PKGTOP=$(BUILD_ROOT)/built/package/$(PLATFORM_DEST)/setup
endif
OBJDEST=$(OBJDIR)/test/obj
18 years, 2 months
[Fedora-directory-commits] setuputil/installer/lib Makefile, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/lib
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25947/setuputil/installer/lib
Modified Files:
Makefile
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 29 Jul 2005 22:16:28 -0000 1.1.1.1
+++ Makefile 29 Sep 2005 22:09:06 -0000 1.2
@@ -31,7 +31,7 @@
# Build artifacts
ifeq ($(ARCH), WINNT)
-OBJDIR=$(BUILD_ROOT)/built/$(NSOS_ARCH)$(NSOS_RELEASE)$(64BIT_TAG)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)-$(DIR)
+OBJDIR=$(BUILD_ROOT)/built/$(PLATFORM_DEST)
LIBDEST=$(OBJDIR)/lib
OBJDEST=$(LIBDEST)/nssetup
else
18 years, 2 months
[Fedora-directory-commits] setuputil/installer Makefile, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25947/setuputil/installer
Modified Files:
Makefile
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/Makefile,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- Makefile 29 Jul 2005 22:16:18 -0000 1.1.1.1
+++ Makefile 29 Sep 2005 22:08:59 -0000 1.2
@@ -38,10 +38,10 @@
include $(BUILD_ROOT)/nsconfig.mk
endif
-PKGDIR_NAME=$(NSPLATFORM_DIR)-$(SECURITY)-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)
+PKGDIR_NAME=$(PLATFORM_DEST)
PKGTOP=$(ABS_ROOT)/built/package/$(PKGDIR_NAME)
ifdef BUILD_INTL
-PKGDIR_NAME=$(NSPLATFORM_DIR)-$(SECURITY)-intl-$(DEBUG)-$(B_FORTEZZA)$(NSOBJDIR_NAME)
+PKGDIR_NAME+=-intl
PKGTOP=$(ABS_ROOT)/built/package/$(PKGDIR_NAME)
endif
PKGDIR=$(PKGTOP)
18 years, 2 months
[Fedora-directory-commits] setuputil nsdefs.mk,1.1.1.1,1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25947/setuputil
Modified Files:
nsdefs.mk
Log Message:
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Index: nsdefs.mk
===================================================================
RCS file: /cvs/dirsec/setuputil/nsdefs.mk,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- nsdefs.mk 29 Jul 2005 22:16:18 -0000 1.1.1.1
+++ nsdefs.mk 29 Sep 2005 22:08:54 -0000 1.2
@@ -60,11 +60,6 @@
else
BUILD_PTHREADS=
endif
-ifdef FORTEZZA
-BUILD_FORTEZZA=fortezza
-else
-BUILD_FORTEZZA=normal
-endif
ifeq ($(USE_64), 1)
NS64TAG = _64
@@ -184,19 +179,10 @@
endif
NSPLATFORM_DIR=$(NSOS_ARCH)$(NSOS_RELEASE)$(ARCHTYPE)$(NS64TAG)
-PLATFORM_DEST=$(NSPLATFORM_DIR)-$(SECURITY)$(INTL_DEF)-$(DEBUG)-$(B_FORTEZZA)$(BUILD_PTHREADS)
+PLATFORM_DEST=$(NSOBJDIR_NAME)
PLATFORM_OBJDIR=$(ABS_ROOT)/built/$(PLATFORM_DEST)
PLATFORM_PACKAGE_DIR=$(ABS_ROOT)/built/package/$(PLATFORM_DEST)
-DEFAULT_OBJDIR=$(PLATFORM_OBJDIR)-installer
-
-#NSPR_BASENAME=nspr4
-
-ifeq ($(BUILD_MODULE), CONSOLE)
-PRODUCT="Fedora Console"
-DIR=console
-NO_BUILD_NUM=true
-NOSTDCLEAN=true
-endif
+DEFAULT_OBJDIR=$(PLATFORM_OBJDIR)
ifneq ($(NO_BUILD_NUM), true)
GET_BUILD_NUM := $(shell cat $(ABS_ROOT)/$(NSPLATFORM_DIR)/buildnum.dat)
@@ -273,7 +259,6 @@
ARCH=$(BUILD_ARCH)
SECURITY=$(BUILD_SECURITY)
DEBUG=$(BUILD_DEBUG)
-B_FORTEZZA=$(BUILD_FORTEZZA)
BOMB=$(BUILD_BOMB)
BUILD_DLL=$(BUILD_DLL_VERSION)
ADMINDLL_NAME=$(BUILD_ADMIN_NAME)
18 years, 2 months
[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup.patch, 1.1.2.1, 1.1.2.2
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23090
Modified Files:
Tag: Directory71RtmBranch
setup.patch
Log Message:
[169580] awk used in setup.patch had GNU specific syntax
setup.patch:
Index: setup.patch
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/Attic/setup.patch,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- setup.patch 28 Sep 2005 22:47:14 -0000 1.1.2.1
+++ setup.patch 29 Sep 2005 20:51:59 -0000 1.1.2.2
@@ -110,7 +110,7 @@
siepid=`getValFromAdminConf "siepid:" "adm.conf"`
suitespotuser=`ls -l $dsconffile | awk '{print $3}'`
suitespotgroup=`ls -l $dsconffile | awk '{print $4}'`
-admindomain=`echo $ldaphost | awk -F. '{print $5 ? $2 "." $3 "." $4 "." $5: $4 ? $2 "." $3 "." $4 : $3 ? $2 "." $3 : $2 ? $2 : ""}'`
+admindomain=`echo $ldaphost | awk -F. '{if ($5) {print $2 "." $3 "." $4 "." $5} else if ($4) {print $2 "." $3 "." $4} else if ($3) {print $2 "." $3} else if ($2) {print $2} else {print ""}}'`
if [ "$admindomain" = "" ]; then
admindomain=`domainname`
fi
18 years, 2 months
[Fedora-directory-commits] mod_nss nss_engine_io.c,1.3,1.4
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21083
Modified Files:
nss_engine_io.c
Log Message:
Remove a debug msg that was left in on accident.
Index: nss_engine_io.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_io.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- nss_engine_io.c 29 Jun 2005 22:29:02 -0000 1.3
+++ nss_engine_io.c 29 Sep 2005 19:36:10 -0000 1.4
@@ -504,8 +504,6 @@
outctx = filter_ctx->outctx;
res = PR_Write(filter_ctx->pssl, (char *)data, len);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL,
- "Sent returned %d", res);
if (res < 0) {
int nss_err = PR_GetError();
18 years, 2 months
[Fedora-directory-commits] mod_nss/docs mod_nss.html,1.8,1.9
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss/docs
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21038/docs
Modified Files:
mod_nss.html
Log Message:
Add proxy support to mod_nss. Most of the changes are related to
adding new configuration directives. For the others we need to
initialize an NSS socket differently whether we will be acting as a
client or a server.
Index: mod_nss.html
===================================================================
RCS file: /cvs/dirsec/mod_nss/docs/mod_nss.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mod_nss.html 16 Sep 2005 13:07:37 -0000 1.8
+++ mod_nss.html 29 Sep 2005 19:35:44 -0000 1.9
@@ -1,4 +1,6 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
<!--
Copyright 2001-2005 The Apache Software Foundation
@@ -13,8 +15,6 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-->
-<html>
-<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>mod_nss</title>
@@ -32,25 +32,18 @@
<a href="#Environment">Environment Variables</a><br>
<a href="#Database_Management">Database Management</a><br>
<a href="#SSLv2">Why is SSLv2 disabled?</a><br>
-<br>
+<a href="#FAQ">Frequently Asked Questions</a><br>
<h1><a name="Introduction"></a>Introduction</h1>
The <a href="http://www.modssl.org/">mod_ssl</a> package was
created in April 1998 by <a href="mailto:rse@engelschall.com">Ralf S.
Engelschall</a> and was originally derived from the <a
href="http://www.apache-ssl.org/">Apache-SSL</a> package developed by <a
- href="mailto:ben@algroup.co.uk">Ben Laurie</a>. It stays under a
-BSD-style
-license which is equivalent to the license used by <a
- href="http://www.apache.org/">The Apache Group</a> for the Apache
-webserver
-itself. This means, in short, that you are free to use it both for
-commercial
-and non-commercial purposes as long as you retain the authors'
-copyright
-notices and give the proper credit.
-<br>
+ href="mailto:ben@algroup.co.uk">Ben Laurie</a>. It is licensed under
+the <a href="http://www.apache.org/licenses/" class="external"
+ title="http://www.apache.org/licenses/" rel="nofollow">Apache 2.0
+license</a><span class="urlexpansion">.<br>
<br>
-mod_nss is based directly on the mod_ssl package from Apache
+</span>mod_nss is based directly on the mod_ssl package from Apache
2.0.54. It is a conversion from using OpenSSL calls to using <a
href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a>
calls instead.<br>
@@ -94,6 +87,20 @@
</td>
</tr>
<tr>
+ <td style="vertical-align: top;">--with-nss-inc=PATH<br>
+ </td>
+ <td style="vertical-align: top;">The file system path to the NSS
+include directory (e.g. /usr/local/include/nss3)<br>
+ </td>
+ </tr>
+ <tr>
+ <td style="vertical-align: top;">--with-nss-lib=PATH<br>
+ </td>
+ <td style="vertical-align: top;">The file system path to the NSS
+lib directory (e.g. /usr/local/lib)<br>
+ </td>
+ </tr>
+ <tr>
<td style="vertical-align: top;">--with-nspr=[PATH]<br>
</td>
<td style="vertical-align: top;">The file system path of the NSPR
@@ -101,6 +108,20 @@
PATH/include, etc.</td>
</tr>
<tr>
+ <td style="vertical-align: top;">--with-nspr-inc=PATH<br>
+ </td>
+ <td style="vertical-align: top;">The file system path to the NSPR
+include directory (e.g. /usr/local/include/nspr4)<br>
+ </td>
+ </tr>
+ <tr>
+ <td style="vertical-align: top;">--with-nspr-lib=PATH<br>
+ </td>
+ <td style="vertical-align: top;">The file system path to the NSPR
+lib directory (e.g. /usr/local/lib)<br>
+ </td>
+ </tr>
+ <tr>
<td style="vertical-align: top;">--with-apxs=[PATH]<br>
</td>
<td style="vertical-align: top;">The location of the apxs binary
@@ -117,7 +138,7 @@
</table>
<br>
If --with-nss or --with-nspr are not passed configure will look
-for the mozilla-[nss|nspr]-devel packages and use the libraries with
+for the [nss|nspr]-devel packages and use the libraries with
that if found.<br>
<br>
It is strongly recommended that the mozilla.org version be used.<br>
@@ -371,12 +392,12 @@
included in the NSSCipherSuite entry are automatically disabled.
The allowable ciphers are:<br>
<ul>
-<li>rsa_3des_sha</li>
-<li>rsa_des_sha</li>
-<li>fips_3des_sha</li>
-<li>fips_des_sha</li>
-<li>rsa_des_56_sha</li>
-<li>fortezza</li>
+ <li>rsa_3des_sha</li>
+ <li>rsa_des_sha</li>
+ <li>fips_3des_sha</li>
+ <li>fips_des_sha</li>
+ <li>rsa_des_56_sha</li>
+ <li>fortezza</li>
</ul>
<span style="font-weight: bold;"><br>
</span>FIPS is disabled by default.<br>
@@ -404,7 +425,8 @@
A space-separated list of the SSL ciphers used, with the prefix <code>+</code>
to enable or <code>-</code> to disable.<br>
<br>
-All ciphers are disabled by default. The SSLv2 ciphers cannot be enabled because
+All ciphers are disabled by default. The SSLv2 ciphers cannot be
+enabled because
<a href="#SSLv2">SSLv2</a> is not allowed in mod_nss.<br>
<br>
Available ciphers are:<br>
@@ -622,7 +644,7 @@
<code>NSSNickname Server-Cert</code><br>
<code>NSSNickname "This contains a space"</code><br>
<br>
-NSSEnforceValidCerts<br>
+<big><big>NSSEnforceValidCerts</big></big><br>
<br>
By default mod_nss will not start up if the server
certificate is not valid. This means that if the certificate has
@@ -636,7 +658,7 @@
<br>
<code>NSSEnforceValidCerts on</code><br>
<br>
-NSSVerifyClient<br>
+<big><big>NSSVerifyClient</big></big><br>
<br>
Determines whether Client Certificate
Authentication will be requested or required. This may be set in a
@@ -646,18 +668,17 @@
requested from the client.<br>
<br>
Available options are:<br>
-
<ul>
<li><code>none</code>: no client certificate
is required or requested<br>
- </li>
- <li>code>optional</code>: a client
+ </li>
+ <li>code>optional: a client
certificate is requested but if one is not available, the connection
may continue.<br>
- </li>
+ </li>
<li><code>require</code>: a valid client
certificate is required for the connection to continue.<br>
- </li>
+ </li>
</ul>
The mod_ssl option <code>option_no_ca</code>
is not supported.<br>
@@ -732,7 +753,45 @@
may be restricted (or allowed) based on any number of variables such as
components of the client certificate, the remote IP address, etc.<br>
<br>
-<code>NSSRequire</code><br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSRequire<br>
+</code><br>
+<big><big>NSSProxyEngine</big></big><br>
+<br>
+Enables or disables mod_nss HTTPS support for mod_proxy.<br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSProxyEngine on</code><br>
+<br>
+<big><big>NSSProxyProtocol</big></big><br>
+<br>
+Specifies the SSL protocols that may be used in proxy connections. The
+syntax is identical to NSSProtocol.<br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSProxyProtocol SSLv3<br>
+</code><br>
+<big><big>NSSProxyCipherSuite</big></big><br>
+<br>
+Specifies the SSL ciphers available for proxy connections. They syntax
+is identical to NSSCipherSuite.<br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSProxyCipherSuite
++rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5</code><br>
+<br>
+<big><big>NSSProxyNickname</big></big><br>
+<br>
+The nickname of the client certificate to send if the remote server
+requests client authentication.<br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSProxyNickname beta</code><br>
<h1><a name="Environment"></a>Environment Variables</h1>
Quite a few environment variables (for CGI and SSI) may be set
depending on the NSSOptions configuration. It can be expensive to set
@@ -1121,10 +1180,53 @@
<code>% certutil -V -n Server-Cert -u V -d .<br>
certutil: certificate is valid</code><br>
<h1><a name="SSLv2"></a>Why is SSLv2 disabled?</h1>
-All major browsers (Firefox, Internet Explorer, Mozilla, Netscape, Opera, and
-Safari) support SSL 3 and TLS so there is no need for a web server to support
+All major browsers (Firefox, Internet Explorer, Mozilla, Netscape,
+Opera, and
+Safari) support SSL 3 and TLS so there is no need for a web server to
+support
SSL 2. There are some known attacks against SSL 2 that are handled by
-SSL 3/TLS. SSL2 also doesn't support useful features like client authentication.
+SSL 3/TLS. SSL2 also doesn't support useful features like client
+authentication.
+<br>
+<h1><a name="FAQ"></a>Frequently Asked Questions</h1>
+Q. Does mod_nss support mod_proxy?<br>
<br>
+A. In order to use the mod_nss proxy support you will need to build
+your own mod_proxy by applying a patch found in bug <a
+ href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36468">36468</a>.
+The patch is needed so we can compare the hostname contained in the
+remote certificate with the hostname you meant to visit. This prevents
+man-in-the-middle attacks.<br>
+<br>
+You also have to change the SSL functions that mod_proxy looks to use.
+You'll need to apply this patch:<br>
+<br>
+<code>1038,1039c1038,1039<br>
+< APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));<br>
+< APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));<br>
+---<br>
+> APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));<br>
+> APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));<br>
+1041,1042c1041,1042<br>
+< static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable =
+NULL;<br>
+< static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable
+= NULL;<br>
+---<br>
+> static APR_OPTIONAL_FN_TYPE(nss_proxy_enable) *proxy_ssl_enable =
+NULL;<br>
+> static APR_OPTIONAL_FN_TYPE(nss_engine_disable) *proxy_ssl_disable
+= NULL;<br>
+1069,1070c1069,1070<br>
+< proxy_ssl_enable =
+APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);<br>
+< proxy_ssl_disable =
+APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);<br>
+---<br>
+> proxy_ssl_enable =
+APR_RETRIEVE_OPTIONAL_FN(nss_proxy_enable);<br>
+> proxy_ssl_disable =
+APR_RETRIEVE_OPTIONAL_FN(nss_engine_disable);<br>
+</code><br>
</body>
</html>
18 years, 2 months