author | rcritten <> | 2008-05-16 15:16:02 +0000 |
---|---|---|
committer | rcritten <> | 2008-05-16 15:16:02 +0000 |
commit | 70604635a44eecb3cb73303ed421e3006e4153b5 (patch) | |
tree | 3f3a0de15fb61bdeee274730a439937802e16d26 /nss_engine_pphrase.c | |
parent | f0cbeb223317ecec841ce4203834633b7d8184b3 (diff) | |
download | mod_nss-70604635a44eecb3cb73303ed421e3006e4153b5.tar.gz mod_nss-70604635a44eecb3cb73303ed421e3006e4153b5.tar.xz mod_nss-70604635a44eecb3cb73303ed421e3006e4153b5.zip |
Make FIPS mode work. This fixes 2 problems:
1. In nss_init_SSLLibrary() the server config wasn't being set properly
for each virtual server so FIPS wasn't getting turned on.
2. There seems to be a problem in NSS_Shutdown() that makes subsequent
logins appear to succeed but they actually are skipped causing keys
and certs to not be available.
Also switch an error message to a warning related to FIPS ciphers.
Diffstat (limited to 'nss_engine_pphrase.c')
-rw-r--r-- | nss_engine_pphrase.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c index 83005bf..8a77301 100644 --- a/nss_engine_pphrase.c +++ b/nss_engine_pphrase.c @@ -62,6 +62,13 @@ SECStatus nss_Init_Tokens(server_rec *s) { PK11SlotInfo *slot = listEntry->slot; + /* This is needed to work around a bug in NSS while in FIPS mode. + * The first login will succeed but NSS_Shutdown() isn't cleaning + * something up causing subsequent logins to be skipped making + * keys and certs unavailable. + */ + PK11_Logout(slot); + if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) { if (slot == PK11_GetInternalKeySlot()) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
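Review bot: The added PK11_Logout(slot) call in nss_Init_Tokens() runs unconditionally for every slot in the list, although the comment directly above it says the workaround is only needed in FIPS mode, and its return value is discarded. Consider guarding the call with a FIPS-mode check so non-FIPS configurations keep their previous behaviour, and logging when the logout fails, since a silent failure here would reproduce the "keys and certs unavailable" symptom the comment describes. The comment should also reference the NSS bug, if one is filed, so the workaround can be removed once NSS_Shutdown() is fixed.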