author | Rob Crittenden <rcritten@redhat.com> | 2016-02-29 22:33:23 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2016-03-01 11:42:27 -0500 |
commit | 105d65bfedfa0e381dcebd197ef67aab799fc8b1 (patch) | |
tree | 87bb5d4c0fb34884a7f47efeb8c86192859bb534 /nss_engine_config.c | |
parent | 8e8befca612a8f70b9d47de5393c134aecf81494 (diff) | |
Check filesystem permissions on NSS database at startup
See if the configured user has read access to the NSS database
during initialization so the server can shut down gracefully
rather than ending up in a forking loop because the database is
owned by root and is therefore unreadable once Apache starts
forking.
Adds a new configuration option, NSSSkipPermissionCheck <on/off>,
to skip this check in case something goes wrong.
https://fedorahosted.org/mod_nss/ticket/3
Diffstat (limited to 'nss_engine_config.c')
-rw-r--r-- | nss_engine_config.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/nss_engine_config.c b/nss_engine_config.c
index c0c7155..4adff52 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -54,6 +54,7 @@ SSLModConfigRec *nss_config_global_create(server_rec *s)
 mc->aRandSeed = apr_array_make(pool, 4, sizeof(ssl_randseed_t));
 mc->semid = 0;
+ mc->skip_permission_check = PR_FALSE;
 apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY, apr_pool_cleanup_null,
@@ -803,6 +804,16 @@ const char *nss_cmd_NSSRandomSeed(cmd_parms *cmd,
 return NULL;
 }
+const char *nss_cmd_NSSSkipPermissionCheck(cmd_parms *cmd,
+ void *dcfg, int flag)
+{
+ SSLModConfigRec *mc = myModConfig(cmd->server);
+
+ mc->skip_permission_check = flag ? PR_TRUE: PR_FALSE;
+
+ return NULL;
+}
+
 const char *nss_cmd_NSSSessionTickets(cmd_parms *cmd, void *dcfg, int flag)
 {
 |
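Review bot: nss_cmd_NSSSkipPermissionCheck in the second hunk stores the flag on the record returned by myModConfig(cmd->server), which appears to be module-wide (the first hunk initialises it in nss_config_global_create), yet the handler does not restrict where the directive may appear. If the command table, which is not visible here, allows it inside a `<VirtualHost>` block, a per-vhost `on` would silently disable the startup database permission check for the whole server, with the last value parsed winning. Consider adding `const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); if (err) return err;` before the assignment. A short comment above the function such as `/* NSSSkipPermissionCheck: disables the startup check that the configured user can read the NSS database. */` would make clear that this switch turns a safety check off, and logging at startup when the check is skipped would make the setting visible to whoever reads the error log.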