From 940afde411eb9ba52252ae80188f4fdbb87a9554 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 26 Nov 2013 08:53:34 +0000
Subject: [PATCH 07/10] Remove mod_ssl port workaround.
https://fedorahosted.org/freeipa/ticket/4021
---
freeipa.spec.in | 8 ++++++--
install/tools/ipa-upgradeconfig | 2 +-
ipaserver/install/httpinstance.py | 17 ++++++++---------
3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index a091164907735d659be61fe29221cbce6934c77d..69ec29d9ff58bf3a25e25b35d5f3ba1d43741124 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -114,14 +114,14 @@ Requires: krb5-server >= 1.10
Requires: krb5-pkinit-openssl
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
-Requires: httpd
+Requires: httpd >= 2.4.6-6
Requires: mod_wsgi
%if 0%{?fedora} >= 18
Requires: mod_auth_kerb >= 5.4-16
%else
Requires: mod_auth_kerb >= 5.4-8
%endif
-Requires: mod_nss >= 1.0.8-24
+Requires: mod_nss >= 1.0.8-26
Requires: python-ldap
Requires: python-krbV
Requires: acl
@@ -832,6 +832,10 @@ fi
%endif # ONLY_CLIENT
%changelog
+* Tue Nov 26 2013 Jan Cholasta <jcholast@redhat.com> - 3.3.2-2
+- Set minimum version of httpd to 2.4.6-6
+- Set minimum version of mod_nss to 1.0.8-26
+
* Fri Oct 25 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
- Remove mod_ssl conflict, it can now live with mod_nss installed
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 41c51263d5fc8b3a0e2f28bab89fc9d2d184fdca..10526f226798c78ae75972b82a2f72b200a8aacf 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -1047,7 +1047,7 @@ def main():
http.remove_httpd_ccache()
http.configure_selinux_for_httpd()
http.configure_httpd_ccache()
- http.change_mod_nss_port_to_http()
+ http.change_mod_nss_port_from_http()
ds = dsinstance.DsInstance()
ds.configure_dirsrv_ccache()
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 689e657e291b93d90038937a61f67915c0d582ec..e61a0c6d1526f29acb4647710e559a5bb32a58c0 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -253,25 +253,24 @@ def __configure_http(self):
http_fd.close()
os.chmod(target_fname, 0644)
- def change_mod_nss_port_to_http(self):
+ def change_mod_nss_port_from_http(self):
# mod_ssl enforces SSLEngine on for vhost on 443 even though
# the listener is mod_nss. This then crashes the httpd as mod_nss
# listened port obviously does not match mod_ssl requirements.
#
- # Change port to http to workaround the mod_ssl check, the SSL is
- # enforced in the vhost later, so it is benign.
+ # The workaround for this was to change port to http. It is no longer
+ # necessary, as mod_nss now ships with default configuration which
+ # sets SSLEngine off when mod_ssl is installed.
#
- # Remove when https://bugzilla.redhat.com/show_bug.cgi?id=1023168
- # is fixed.
- if not sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'):
- installutils.set_directive(NSS_CONF, 'Listen', '443 http', quotes=False)
- sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', True)
+ # Remove the workaround.
+ if sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'):
+ installutils.set_directive(NSS_CONF, 'Listen', '443', quotes=False)
+ sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', False)
def __set_mod_nss_port(self):
self.fstore.backup_file(NSS_CONF)
if installutils.update_file(NSS_CONF, '8443', '443') != 0:
print "Updating port in %s failed." % NSS_CONF
- self.change_mod_nss_port_to_http()
def __set_mod_nss_nickname(self, nickname):
installutils.set_directive(NSS_CONF, 'NSSNickname', nickname)
--
1.8.3.1