diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-11-26 08:53:34 +0000 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2013-11-26 12:58:17 +0100 |
| commit | f20577ddc4ab40c2365c8abaa703d96019ec4eef (patch) | |
| tree | f4bdd1e96da42d0e4cf66572443eb1326f9ecd4a | |
| parent | 63d4f306867095654d1b46c8731a95140a5126ce (diff) | |
| download | freeipa-f20577ddc4ab40c2365c8abaa703d96019ec4eef.tar.gz freeipa-f20577ddc4ab40c2365c8abaa703d96019ec4eef.tar.xz freeipa-f20577ddc4ab40c2365c8abaa703d96019ec4eef.zip | |
Remove mod_ssl port workaround.
https://fedorahosted.org/freeipa/ticket/4021
| -rw-r--r-- | freeipa.spec.in | 8 | ||||
| -rw-r--r-- | install/tools/ipa-upgradeconfig | 2 | ||||
| -rw-r--r-- | ipaserver/install/httpinstance.py | 17 |
3 files changed, 15 insertions, 12 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index ebc2f156..2a738dda 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -114,14 +114,14 @@ Requires: krb5-server >= 1.10 Requires: krb5-pkinit-openssl Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp -Requires: httpd +Requires: httpd >= 2.4.6-6 Requires: mod_wsgi %if 0%{?fedora} >= 18 Requires: mod_auth_kerb >= 5.4-16 %else Requires: mod_auth_kerb >= 5.4-8 %endif -Requires: mod_nss >= 1.0.8-24 +Requires: mod_nss >= 1.0.8-26 Requires: python-ldap Requires: python-krbV Requires: acl @@ -839,6 +839,10 @@ fi %endif # ONLY_CLIENT %changelog +* Tue Nov 26 2013 Jan Cholasta <jcholast@redhat.com> - 3.3.90-6 +- Set minimum version of httpd to 2.4.6-6 +- Set minimum version of mod_nss to 1.0.8-26 + * Tue Nov 12 2013 Tomas Babej<tbabej@redhat.com> - 3.3.90-5 - Add Fedora 19 platform files diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 41c51263..10526f22 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -1047,7 +1047,7 @@ def main(): http.remove_httpd_ccache() http.configure_selinux_for_httpd() http.configure_httpd_ccache() - http.change_mod_nss_port_to_http() + http.change_mod_nss_port_from_http() ds = dsinstance.DsInstance() ds.configure_dirsrv_ccache() diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 689e657e..e61a0c6d 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -253,25 +253,24 @@ class HTTPInstance(service.Service): http_fd.close() os.chmod(target_fname, 0644) - def change_mod_nss_port_to_http(self): + def change_mod_nss_port_from_http(self): # mod_ssl enforces SSLEngine on for vhost on 443 even though # the listener is mod_nss. This then crashes the httpd as mod_nss # listened port obviously does not match mod_ssl requirements. # - # Change port to http to workaround the mod_ssl check, the SSL is - # enforced in the vhost later, so it is benign. + # The workaround for this was to change port to http. It is no longer + # necessary, as mod_nss now ships with default configuration which + # sets SSLEngine off when mod_ssl is installed. # - # Remove when https://bugzilla.redhat.com/show_bug.cgi?id=1023168 - # is fixed. - if not sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'): - installutils.set_directive(NSS_CONF, 'Listen', '443 http', quotes=False) - sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', True) + # Remove the workaround. + if sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'): + installutils.set_directive(NSS_CONF, 'Listen', '443', quotes=False) + sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', False) def __set_mod_nss_port(self): self.fstore.backup_file(NSS_CONF) if installutils.update_file(NSS_CONF, '8443', '443') != 0: print "Updating port in %s failed." % NSS_CONF - self.change_mod_nss_port_to_http() def __set_mod_nss_nickname(self, nickname): installutils.set_directive(NSS_CONF, 'NSSNickname', nickname) |