diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2013-10-11 18:45:01 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-21 14:20:19 -0500 |
| commit | 2a8b28143b44282939b432fc155b74d847044885 (patch) | |
| tree | 660864777db296a643aae15d9105b37bd53b741e | |
| parent | 14ce3fcc21e1952aae3d84a9c227e3f40cb0b133 (diff) | |
| download | mod_nss-2a8b28143b44282939b432fc155b74d847044885.tar.gz mod_nss-2a8b28143b44282939b432fc155b74d847044885.tar.xz mod_nss-2a8b28143b44282939b432fc155b74d847044885.zip | |
Clarify the error messages to distinguish between server and proxy
Help clarify the error messages which didn't previously distinguish
between the following three variables:
NSSProtocol versus NSSProxyProtocol,
NSSCipherSuite versus NSSProxyCipherSuite, and
NSSNickname versus NSSProxyNickname
Ported from BZ 769906
| -rw-r--r-- | nss_engine_init.c | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c index 0e584cb..283468f 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -903,8 +903,25 @@ static void nss_init_ctx_cipher_suite(server_rec *s, * Configure SSL Cipher Suite */ if (!suite) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Required value NSSCipherSuite not set."); + /* + * Since this is a 'fatal' error, regardless of whether this + * particular invocation is from a 'server' object or a 'proxy' + * object, issue all error message(s) as appropriate. + */ + if ((mctx->sc->enabled == TRUE) && + (mctx->sc->server) && + (!mctx->sc->server->auth.cipher_suite)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "NSSEngine on; required value NSSCipherSuite not set."); + } + + if ((mctx->sc->proxy_enabled == TRUE) && + (mctx->sc->proxy) && + (!mctx->sc->proxy->auth.cipher_suite)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "NSSProxyEngine on; required value NSSProxyCipherSuite not set."); + } + nss_die(); } @@ -1206,8 +1223,25 @@ static void nss_init_server_certs(server_rec *s, if (mctx->nickname == NULL) #endif { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "No certificate nickname provided."); + /* + * Since this is a 'fatal' error, regardless of whether this + * particular invocation is from a 'server' object or a 'proxy' + * object, issue all error message(s) as appropriate. + */ + if ((mctx->sc->enabled == TRUE) && + (mctx->sc->server) && + (mctx->sc->server->nickname == NULL)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "NSSEngine on; no certificate nickname provided by NSSNickname."); + } + + if ((mctx->sc->proxy_enabled == TRUE) && + (mctx->sc->proxy) && + (mctx->sc->proxy->nickname == NULL)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "NSSProxyEngine on; no certificate nickname provided by NSSProxyNickname."); + } + nss_die(); } |