Author: rmeggins Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver Modified Files: configure.ac aclocal.m4 configure config.h.in missing install-sh depcomp compile Makefile.in config.sub config.guess Log Message: Resolves: bug 426056 Bug Description: Unable to connect to admin express via SSL - firefox cipher issues? Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled. I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password. Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no Index: configure.ac =================================================================== RCS file: /cvs/dirsec/adminserver/configure.ac,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- configure.ac 12 Dec 2007 00:45:38 -0000 1.23 +++ configure.ac 18 Dec 2007 19:55:22 -0000 1.24 @@ -102,6 +102,8 @@ m4_include(m4/fhs.m4) +AC_DEFINE([NS_DOMESTIC], [1], [Domestic security level enabled by default]) + # server userid, groupid httpduser=nobody httpdgroup=nobody Index: configure =================================================================== RCS file: /cvs/dirsec/adminserver/configure,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- configure 17 Dec 2007 20:10:05 -0000 1.41 +++ configure 18 Dec 2007 19:55:22 -0000 1.42 @@ -23030,6 +23030,12 @@ fi + +cat >>confdefs.h <<\_ACEOF +#define NS_DOMESTIC 1 +_ACEOF + + # server userid, groupid httpduser=nobody httpdgroup=nobody Index: config.h.in =================================================================== RCS file: /cvs/dirsec/adminserver/config.h.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- config.h.in 30 Jul 2007 23:13:45 -0000 1.6 +++ config.h.in 18 Dec 2007 19:55:23 -0000 1.7 @@ -248,6 +248,9 @@ /* Define to 1 if your C compiler doesn't accept -c and -o together. */ #undef NO_MINUS_C_MINUS_O +/* Domestic security level enabled by default */ +#undef NS_DOMESTIC + /* OS version */ #undef OSVERSION