diff options
-rw-r--r-- | freeipa.spec.in | 8 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 2 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 17 |
3 files changed, 12 insertions, 15 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 48296c89..c0f5118d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -118,14 +118,14 @@ Requires: krb5-server >= 1.10 Requires: krb5-pkinit-openssl Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp -Requires: httpd >= 2.4.6-6 +Requires: httpd Requires: mod_wsgi %if 0%{?fedora} >= 18 Requires: mod_auth_kerb >= 5.4-16 %else Requires: mod_auth_kerb >= 5.4-8 %endif -Requires: mod_nss >= 1.0.8-26 +Requires: mod_nss >= 1.0.8-24 Requires: python-ldap Requires: python-krbV Requires: acl @@ -837,10 +837,6 @@ fi %endif # ONLY_CLIENT %changelog -* Tue Nov 26 2013 Jan Cholasta <jcholast@redhat.com> - 3.3.2-2 -- Set minimum version of httpd to 2.4.6-6 -- Set minimum version of mod_nss to 1.0.8-26 - * Fri Oct 25 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1 - Remove mod_ssl conflict, it can now live with mod_nss installed diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 10526f22..41c51263 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -1047,7 +1047,7 @@ def main(): http.remove_httpd_ccache() http.configure_selinux_for_httpd() http.configure_httpd_ccache() - http.change_mod_nss_port_from_http() + http.change_mod_nss_port_to_http() ds = dsinstance.DsInstance() ds.configure_dirsrv_ccache() diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index e61a0c6d..689e657e 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -253,24 +253,25 @@ class HTTPInstance(service.Service): http_fd.close() os.chmod(target_fname, 0644) - def change_mod_nss_port_from_http(self): + def change_mod_nss_port_to_http(self): # mod_ssl enforces SSLEngine on for vhost on 443 even though # the listener is mod_nss. This then crashes the httpd as mod_nss # listened port obviously does not match mod_ssl requirements. # - # The workaround for this was to change port to http. It is no longer - # necessary, as mod_nss now ships with default configuration which - # sets SSLEngine off when mod_ssl is installed. + # Change port to http to workaround the mod_ssl check, the SSL is + # enforced in the vhost later, so it is benign. # - # Remove the workaround. - if sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'): - installutils.set_directive(NSS_CONF, 'Listen', '443', quotes=False) - sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', False) + # Remove when https://bugzilla.redhat.com/show_bug.cgi?id=1023168 + # is fixed. + if not sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'): + installutils.set_directive(NSS_CONF, 'Listen', '443 http', quotes=False) + sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', True) def __set_mod_nss_port(self): self.fstore.backup_file(NSS_CONF) if installutils.update_file(NSS_CONF, '8443', '443') != 0: print "Updating port in %s failed." % NSS_CONF + self.change_mod_nss_port_to_http() def __set_mod_nss_nickname(self, nickname): installutils.set_directive(NSS_CONF, 'NSSNickname', nickname) |