[Fedora-directory-commits] mod_nss nss_engine_init.c,1.15,1.16
Robert Crittenden (rcritten)
fedora-directory-commits at redhat.com
Fri Oct 28 18:20:08 UTC 2005
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7458
Modified Files:
nss_engine_init.c
Log Message:
Add in check to be sure that the same server isn't initialized with SSL
more than once. This avoids a crash during shutdown where the same
certificates and keys will try to be released multiple times. This is
based on ssl_init_server_check() from mod_ssl.
Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- nss_engine_init.c 11 Oct 2005 15:01:34 -0000 1.15
+++ nss_engine_init.c 28 Oct 2005 18:20:01 -0000 1.16
@@ -717,6 +717,19 @@
}
}
+static void nss_init_server_check(server_rec *s,
+ apr_pool_t *p,
+ apr_pool_t *ptemp,
+ modnss_ctx_t *mctx)
+{
+ if (mctx->servercert != NULL || mctx->serverkey != NULL) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Illegal attempt to re-initialise SSL for server "
+ "(theoretically shouldn't happen!)");
+ nss_die();
+ }
+}
+
static void nss_init_ctx(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
@@ -895,6 +908,8 @@
apr_pool_t *ptemp,
SSLSrvConfigRec *sc)
{
+ nss_init_server_check(s, p, ptemp, sc->server);
+
nss_init_ctx(s, p, ptemp, sc->server);
nss_init_server_certs(s, p, ptemp, sc->server);
More information about the 389-commits
mailing list