| author | rcritten <> | 2005-06-29 22:28:10 +0000 |
|---|---|---|
| committer | rcritten <> | 2005-06-29 22:28:10 +0000 |
| commit | e882f3002bf2791b056ef7fcd98bc72a9518b1e1 (patch) | |
| tree | 1c7a77617186a10629b66d1a41944b05e2cea1bb | |
| parent | 765a354d6f7de94782fbfa2a9cea65be14316b91 (diff) | |
Add NSS database prefix support
| -rw-r--r-- | mod_nss.c | 3 | ||||
| -rw-r--r-- | mod_nss.h | 2 | ||||
| -rw-r--r-- | nss.conf.in | 12 | ||||
| -rw-r--r-- | nss_engine_config.c | 12 | ||||
| -rw-r--r-- | nss_engine_init.c | 25 | ||||
| -rw-r--r-- | nss_pcache.c | 6 |
6 files changed, 48 insertions, 12 deletions
@@ -41,6 +41,9 @@ static const command_rec nss_config_cmds[] = {
 SSL_CMD_SRV(CertificateDatabase, TAKE1,
 "SSL Server Certificate database "
 "(`/path/to/file'")
+ SSL_CMD_SRV(DBPrefix, TAKE1,
+ "NSS Database prefix (optional) "
+ "(`my-prefix-'")
 SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
 "SSL 2 Session Cache object lifetime "
 "(`N' - number of seconds)")
@@ -202,6 +202,7 @@ typedef struct { int nInitCount; apr_pool_t *pPool; const char *pCertificateDatabase; + const char *pDBPrefix; /* config for SSL session cache */ int session_cache_size;
@@ -312,6 +313,7 @@ void *nss_config_server_create(apr_pool_t *p, server_rec *s);
 void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv);
 const char *nss_cmd_NSSEngine(cmd_parms *, void *, int);
 const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSDBPrefix(cmd_parms *cmd, void *dcfg, const char *arg);
 const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg);
 const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
 const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
diff --git a/nss.conf.in b/nss.conf.in
index 77b46df..6cefa04 100644
--- a/nss.conf.in
+++ b/nss.conf.in
@@ -61,9 +61,9 @@ NSSSession3CacheTimeout 86400 #ServerName www.example.com:443 #ServerAdmin you@example.com -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog @apache_prefix@/logs/error_log -TransferLog @apache_prefix@/logs/access_log +# mod_nss can log to separate log files, you can choose to do that if you'd like +#ErrorLog @apache_prefix@/logs/error_log +#TransferLog @apache_prefix@/logs/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host.
@@ -86,6 +86,12 @@ NSSNickname Server-Cert # Provide the directory that these files exist. NSSCertificateDatabase @apache_conf@ +# Database Prefix: +# In order to be able to store multiple NSS databases in one directory +# they need unique names. This option sets the database prefix used for +# cert8.db and key3.db. +#NSSDBPrefix my-prefix- + # Client Authentication (Type): # Client certificate verification type. Types are none, optional and # require.
diff --git a/nss_engine_config.c b/nss_engine_config.c
index ee18f64..3600bc9 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -45,6 +45,7 @@ SSLModConfigRec *nss_config_global_create(server_rec *s)
 */
 mc->nInitCount = 0;
 mc->pCertificateDatabase = NULL;
+ mc->pDBPrefix = NULL;
 mc->session_cache_size = UNSET;
 mc->session_cache_timeout = UNSET;
 mc->ssl3_session_cache_timeout = UNSET;
@@ -273,6 +274,17 @@ const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, return NULL; } +const char *nss_cmd_NSSDBPrefix(cmd_parms *cmd, + void *dcfg, + const char *arg) +{ + SSLModConfigRec *mc = myModConfig(cmd->server); + + mc->pDBPrefix = arg; + + return NULL; +} + const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg)
diff --git a/nss_engine_init.c b/nss_engine_init.c
index 94f00af..a73e463 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
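Review bot: nss_cmd_NSSDBPrefix writes arg into the module-wide SSLModConfigRec obtained through myModConfig(cmd->server), not into a per-server record, so an NSSDBPrefix directive placed inside a virtual host silently replaces the prefix for every server; this is consistent with pDBPrefix being reset in nss_config_global_create in the first hunk of this file, but nothing in the new function says so. A one-line comment above the function would spare the next reader the surprise, e.g. `/* NSSDBPrefix is module-global: the last occurrence parsed applies to every server */`. The value is also stored with no check at all; according to the nss.conf.in text in this commit NSS presumably builds the cert8.db/key3.db file names from it, so a prefix containing a path separator would be caught only when NSS_Initialize fails at startup rather than at config-parse time where the directive name and line are known.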
@@ -98,17 +98,23 @@ static void nss_add_version_components(apr_pool_t *p, /* * Initialize SSL library + * + * If sslenabled is not set then there is no need to prompt for the token + * passwords. */ -static void nss_init_SSLLibrary(server_rec *s) +static void nss_init_SSLLibrary(server_rec *s, int sslenabled) { SECStatus rv; SSLModConfigRec *mc = myModConfig(s); + SSLSrvConfigRec *sc; + + sc = mySrvConfig(s); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: %snitializing NSS library", mc->nInitCount == 1 ? "I" : "Re-i"); /* Do we need to fire up our password helper? */ - if (mc->nInitCount == 1) { + if (mc->nInitCount == 1 && sslenabled) { const char * child_argv[3]; apr_status_t rv;
@@ -121,7 +127,8 @@ static void nss_init_SSLLibrary(server_rec *s) child_argv[0] = mc->pphrase_dialog_helper; child_argv[1] = mc->pCertificateDatabase; - child_argv[2] = NULL; + child_argv[2] = mc->pDBPrefix; + child_argv[3] = NULL; rv = apr_procattr_create(&mc->procattr, mc->pPool);
@@ -165,10 +172,10 @@ static void nss_init_SSLLibrary(server_rec *s) PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1); /* Initialize NSS and open the certificate database read-only. */ - rv = NSS_Initialize(mc->pCertificateDatabase, NULL, NULL, "secmod.db", NSS_INIT_READONLY); + rv = NSS_Initialize(mc->pCertificateDatabase, mc->pDBPrefix, mc->pDBPrefix, "secmod.db", NSS_INIT_READONLY); /* Assuming everything is ok so far, check the cert database password(s). */ - if (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess) { + if (sslenabled && (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess)) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration");
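Review bot: `SSLSrvConfigRec *sc;` and `sc = mySrvConfig(s);` are added to nss_init_SSLLibrary, but sc is not read in any hunk of this file; if the rest of the function (outside the hunk) does not use it either, this is dead code that earns an unused-variable warning and should be dropped. If it is needed further down, initialising it where it is declared, `SSLSrvConfigRec *sc = mySrvConfig(s);`, matches the `mc` line directly above it and avoids the separate assignment. The function body continues past this hunk.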
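Review bot: `child_argv[3] = NULL;` in the second hunk of this file writes one element past the end of child_argv, which the first hunk still declares as `const char * child_argv[3];` — valid indices are 0..2, so the terminating NULL lands on whatever the compiler placed after the array on the stack, and whatever later consumes this vector as argv (presumably the helper spawn further down the function) has no reliable terminator. The declaration has to grow with the new argument: `const char * child_argv[4];`. When no NSSDBPrefix is configured `child_argv[2] = mc->pDBPrefix;` stores NULL and terminates the vector early, which is correct but deserves a short comment, e.g. `/* pDBPrefix may be NULL, in which case the vector ends here */`. The enclosing nss_init_SSLLibrary starts in the first hunk and ends outside both.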
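Review bot: With the new test `if (sslenabled && (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess))` in the third hunk, a failed NSS_Initialize is neither logged nor followed by NSS_Shutdown when no virtual host has SSL enabled, and the function continues as though the library were initialised; if anything later in nss_init_SSLLibrary, or on the re-initialisation path the "Re-i" log message implies, still calls into NSS, it does so against a library whose initialisation failed. Keeping the rv check independent of sslenabled preserves the intent of not prompting for token passwords while keeping the failure visible, e.g. before the existing check: `if (rv != SECSuccess && !sslenabled) {` / `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "NSS initialization failed; SSL is not enabled so continuing without NSS");` / `}`. The same mc->pDBPrefix is now passed as both the certificate and the key prefix to NSS_Initialize, which mirrors nss_pcache.c in this commit; a brief comment saying the two are deliberately identical would stop a reader from assuming one was pasted by mistake.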
@@ -197,6 +204,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, SSLModConfigRec *mc = myModConfig(base_server); SSLSrvConfigRec *sc; server_rec *s; + int sslenabled = FALSE; mc->nInitCount++;
@@ -259,12 +267,16 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, sc->enabled = FALSE; } + if (sc->enabled == TRUE) { + sslenabled = TRUE; + } + if (sc->proxy_enabled == UNSET) { sc->proxy_enabled = FALSE; } } - nss_init_SSLLibrary(base_server); + nss_init_SSLLibrary(base_server, sslenabled); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "done Init: Initializing NSS library");
@@ -294,6 +306,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, nss_init_ConfigureServer(s, p, ptemp, sc); } + /* * Announce mod_ssl and SSL library in HTTP Server field * as ``mod_ssl/X.X.X OpenSSL/X.X.X''
diff --git a/nss_pcache.c b/nss_pcache.c
index 5912c02..9baa829 100644
--- a/nss_pcache.c
+++ b/nss_pcache.c
@@ -297,8 +297,8 @@ int main(int argc, char ** argv) char * tokenName; char * tokenpw; - if (argc != 2) { - fprintf(stderr, "Usage: nss_pcache <directory>\n"); + if (argc < 2 || argc > 3) { + fprintf(stderr, "Usage: nss_pcache <directory> <prefix>\n"); exit(1); }
@@ -309,7 +309,7 @@ int main(int argc, char ** argv) PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1); /* Initialize NSS and open the certificate database read-only. */ - rv = NSS_Initialize(argv[1], NULL, NULL, "secmod.db", NSS_INIT_READONLY); + rv = NSS_Initialize(argv[1], argc == 3 ? argv[2] : NULL, argc == 3 ? argv[2] : NULL, "secmod.db", NSS_INIT_READONLY); in = PR_GetSpecialFD(PR_StandardInput); out = PR_GetSpecialFD(PR_StandardOutput); |
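Review bot: The new usage text `Usage: nss_pcache <directory> <prefix>` in the first nss_pcache.c hunk presents the prefix as mandatory, while the check `argc < 2 || argc > 3` (and the NULL that mod_nss hands over when no NSSDBPrefix is set) makes it optional; `fprintf(stderr, "Usage: nss_pcache <directory> [prefix]\n");` describes what the code accepts. In the second hunk the expression `argc == 3 ? argv[2] : NULL` is spelled out twice inside the NSS_Initialize call; a local makes it obvious that the certificate and key prefixes are meant to be the same: `const char *prefix = argc == 3 ? argv[2] : NULL;` followed by `rv = NSS_Initialize(argv[1], prefix, prefix, "secmod.db", NSS_INIT_READONLY);`. main begins and ends outside both hunks.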
