Author: rmeggins
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver
Modified Files:
configure.ac aclocal.m4 configure config.h.in missing
install-sh depcomp compile Makefile.in config.sub config.guess
Log Message:
Resolves: bug 426056
Bug Description: Unable to connect to admin express via SSL - firefox cipher issues?
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not
enabling the domestic ciphers by default. Then when the admin server SSL was configured,
it would give it a list of old ciphers not currently supported by Firefox. Also, we are
still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so
when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are
disabled and the SSLv3 and TLS ciphers you want to use are enabled.
I also discovered a problem with the ugdsconfig CGI program - it was being caught by the
admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the
same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and
password.
Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers
supported by mod_nss.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
Index: configure.ac
===================================================================
RCS file: /cvs/dirsec/adminserver/configure.ac,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- configure.ac 12 Dec 2007 00:45:38 -0000 1.23
+++ configure.ac 18 Dec 2007 19:55:22 -0000 1.24
@@ -102,6 +102,8 @@
m4_include(m4/fhs.m4)
+AC_DEFINE([NS_DOMESTIC], [1], [Domestic security level enabled by default])
+
# server userid, groupid
httpduser=nobody
httpdgroup=nobody
Index: configure
===================================================================
RCS file: /cvs/dirsec/adminserver/configure,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- configure 17 Dec 2007 20:10:05 -0000 1.41
+++ configure 18 Dec 2007 19:55:22 -0000 1.42
@@ -23030,6 +23030,12 @@
fi
+
+cat >>confdefs.h <<\_ACEOF
+#define NS_DOMESTIC 1
+_ACEOF
+
+
# server userid, groupid
httpduser=nobody
httpdgroup=nobody
Index: config.h.in
===================================================================
RCS file: /cvs/dirsec/adminserver/config.h.in,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- config.h.in 30 Jul 2007 23:13:45 -0000 1.6
+++ config.h.in 18 Dec 2007 19:55:23 -0000 1.7
@@ -248,6 +248,9 @@
/* Define to 1 if your C compiler doesn't accept -c and -o together. */
#undef NO_MINUS_C_MINUS_O
+/* Domestic security level enabled by default */
+#undef NS_DOMESTIC
+
/* OS version */
#undef OSVERSION
Show replies by date