9991ea
From 940afde411eb9ba52252ae80188f4fdbb87a9554 Mon Sep 17 00:00:00 2001
9991ea
From: Jan Cholasta <jcholast@redhat.com>
9991ea
Date: Tue, 26 Nov 2013 08:53:34 +0000
9991ea
Subject: [PATCH 07/10] Remove mod_ssl port workaround.
9991ea
9991ea
https://fedorahosted.org/freeipa/ticket/4021
9991ea
---
9991ea
 freeipa.spec.in                   |  8 ++++++--
9991ea
 install/tools/ipa-upgradeconfig   |  2 +-
9991ea
 ipaserver/install/httpinstance.py | 17 ++++++++---------
9991ea
 3 files changed, 15 insertions(+), 12 deletions(-)
9991ea
9991ea
diff --git a/freeipa.spec.in b/freeipa.spec.in
9991ea
index a091164907735d659be61fe29221cbce6934c77d..69ec29d9ff58bf3a25e25b35d5f3ba1d43741124 100644
9991ea
--- a/freeipa.spec.in
9991ea
+++ b/freeipa.spec.in
9991ea
@@ -114,14 +114,14 @@ Requires: krb5-server >= 1.10
9991ea
 Requires: krb5-pkinit-openssl
9991ea
 Requires: cyrus-sasl-gssapi%{?_isa}
9991ea
 Requires: ntp
9991ea
-Requires: httpd
9991ea
+Requires: httpd >= 2.4.6-6
9991ea
 Requires: mod_wsgi
9991ea
 %if 0%{?fedora} >= 18
9991ea
 Requires: mod_auth_kerb >= 5.4-16
9991ea
 %else
9991ea
 Requires: mod_auth_kerb >= 5.4-8
9991ea
 %endif
9991ea
-Requires: mod_nss >= 1.0.8-24
9991ea
+Requires: mod_nss >= 1.0.8-26
9991ea
 Requires: python-ldap
9991ea
 Requires: python-krbV
9991ea
 Requires: acl
9991ea
@@ -832,6 +832,10 @@ fi
9991ea
 %endif # ONLY_CLIENT
9991ea
 
9991ea
 %changelog
9991ea
+* Tue Nov 26 2013 Jan Cholasta <jcholast@redhat.com> - 3.3.2-2
9991ea
+- Set minimum version of httpd to 2.4.6-6
9991ea
+- Set minimum version of mod_nss to 1.0.8-26
9991ea
+
9991ea
 * Fri Oct 25 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
9991ea
 - Remove mod_ssl conflict, it can now live with mod_nss installed
9991ea
 
9991ea
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
9991ea
index 41c51263d5fc8b3a0e2f28bab89fc9d2d184fdca..10526f226798c78ae75972b82a2f72b200a8aacf 100644
9991ea
--- a/install/tools/ipa-upgradeconfig
9991ea
+++ b/install/tools/ipa-upgradeconfig
9991ea
@@ -1047,7 +1047,7 @@ def main():
9991ea
     http.remove_httpd_ccache()
9991ea
     http.configure_selinux_for_httpd()
9991ea
     http.configure_httpd_ccache()
9991ea
-    http.change_mod_nss_port_to_http()
9991ea
+    http.change_mod_nss_port_from_http()
9991ea
 
9991ea
     ds = dsinstance.DsInstance()
9991ea
     ds.configure_dirsrv_ccache()
9991ea
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
9991ea
index 689e657e291b93d90038937a61f67915c0d582ec..e61a0c6d1526f29acb4647710e559a5bb32a58c0 100644
9991ea
--- a/ipaserver/install/httpinstance.py
9991ea
+++ b/ipaserver/install/httpinstance.py
9991ea
@@ -253,25 +253,24 @@ def __configure_http(self):
9991ea
         http_fd.close()
9991ea
         os.chmod(target_fname, 0644)
9991ea
 
9991ea
-    def change_mod_nss_port_to_http(self):
9991ea
+    def change_mod_nss_port_from_http(self):
9991ea
         # mod_ssl enforces SSLEngine on for vhost on 443 even though
9991ea
         # the listener is mod_nss. This then crashes the httpd as mod_nss
9991ea
         # listened port obviously does not match mod_ssl requirements.
9991ea
         #
9991ea
-        # Change port to http to workaround the mod_ssl check, the SSL is
9991ea
-        # enforced in the vhost later, so it is benign.
9991ea
+        # The workaround for this was to change port to http. It is no longer
9991ea
+        # necessary, as mod_nss now ships with default configuration which
9991ea
+        # sets SSLEngine off when mod_ssl is installed.
9991ea
         #
9991ea
-        # Remove when https://bugzilla.redhat.com/show_bug.cgi?id=1023168
9991ea
-        # is fixed.
9991ea
-        if not sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'):
9991ea
-            installutils.set_directive(NSS_CONF, 'Listen', '443 http', quotes=False)
9991ea
-            sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', True)
9991ea
+        # Remove the workaround.
9991ea
+        if sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'):
9991ea
+            installutils.set_directive(NSS_CONF, 'Listen', '443', quotes=False)
9991ea
+            sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', False)
9991ea
 
9991ea
     def __set_mod_nss_port(self):
9991ea
         self.fstore.backup_file(NSS_CONF)
9991ea
         if installutils.update_file(NSS_CONF, '8443', '443') != 0:
9991ea
             print "Updating port in %s failed." % NSS_CONF
9991ea
-        self.change_mod_nss_port_to_http()
9991ea
 
9991ea
     def __set_mod_nss_nickname(self, nickname):
9991ea
         installutils.set_directive(NSS_CONF, 'NSSNickname', nickname)
9991ea
-- 
9991ea
1.8.3.1
9991ea