#47334 NSS unknown protocol errors when restarting Admin Server with SSL enabled
Closed: wontfix None Opened 10 years ago by nkinder.

When troubleshooting bug #919192, Jan encountered the following problem:


When I try to restart the admin server from the console with SSL enabled, it succeeds,
but I see the following errors:

[jrusnack@dstet ~]$ tail -n 15 /var/log/dirsrv/admin-serv/error
[Wed Apr 17 05:17:34 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Apr 17 05:17:35 2013] [warn] NSSProtocol: Unknown protocol '"sslv2' not supported
[Wed Apr 17 05:17:35 2013] [warn] NSSProtocol: Unknown protocol 'tlsv1"' not supported
[Wed Apr 17 05:17:35 2013] [notice] Access Host filter is: .example.com
[Wed Apr 17 05:17:35 2013] [notice] Access Address filter is:

[Wed Apr 17 05:17:36 2013] [notice] Apache/2.2.15 (Unix) mod_nss/2.2.15 NSS/3.14.0.0 Basic ECC configured -- resuming normal operations
[Wed Apr 17 05:17:36 2013] [warn] NSSProtocol: Unknown protocol '"sslv2' not supported
[Wed Apr 17 05:17:36 2013] [warn] NSSProtocol: Unknown protocol 'tlsv1"' not supported
[Wed Apr 17 05:17:36 2013] [notice] Access Host filter is: .example.com
[Wed Apr 17 05:17:36 2013] [notice] Access Address filter is:

[Wed Apr 17 05:17:50 2013] [notice] [client 192.168.122.187] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.122.187
[Wed Apr 17 05:17:50 2013] [notice] [client 192.168.122.187] admserv_host_ip_check: host [dstet] did not match pattern [*.example.com] -will scan aliases
[Wed Apr 17 05:17:50 2013] [notice] [client 192.168.122.187] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Wed Apr 17 05:17:55 2013] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Wed Apr 17 05:17:55 2013] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1


The problem here is that the NSSProtocol setting in
/etc/dirsrv/admin-serv/console.conf is quoted, but mod_nss doesn't like the
value when it is quoted:


[jrusnack@dstet admin-serv]$ grep -R -i "tlsv1" *
bakup/console.conf:NSSProtocol SSLv3,TLSv1
console.conf:NSSProtocol "SSLv2,SSLv3,TLSv1"
console.conf.rpmsave:NSSProtocol SSLv3,TLSv1


The problem is that admserv/cgi-src40/sec-activate.c:update_conf() quotes the
values.
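
An added example (not part of the ticket and not 389 project code): a small Python check that flags NSSProtocol lines whose tokens would trigger the "Unknown protocol" warning shown in the log. The comma split without quote handling is inferred from the logged tokens, the accepted-name set is an assumption limited to the names on this page, and the sample configuration is constructed.

```python
import re

# Assumption: only the protocol names that appear on this page; the real
# accepted set depends on the mod_nss version in use.
KNOWN_PROTOCOLS = {"sslv2", "sslv3", "tlsv1"}

# Constructed sample, modelled on the grep output in the ticket.
SAMPLE_CONF = """\
# constructed console.conf fragment
NSSEngine on
NSSProtocol "SSLv2,SSLv3,TLSv1"
  nssprotocol SSLv3,TLSv1
#NSSProtocol "SSLv3"
"""

DIRECTIVE = re.compile(r"^\s*NSSProtocol\s+(.*?)\s*$", re.IGNORECASE)


def check_nss_protocol(conf_text):
    """Return one finding per active NSSProtocol line.

    The value is split on commas with no quote handling, which is what the
    logged tokens ('"sslv2' and 'tlsv1"') imply; this is an inference from
    the log, not a copy of mod_nss's parser.
    """
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue  # comments and other directives are skipped
        value = match.group(1)
        tokens = [t.strip().lower() for t in value.split(",")]
        findings.append({
            "line": lineno,
            "quoted": '"' in value or "'" in value,
            "accepted": [t for t in tokens if t in KNOWN_PROTOCOLS],
            "rejected": [t for t in tokens if t not in KNOWN_PROTOCOLS],
        })
    return findings


if __name__ == "__main__":
    for f in check_nss_protocol(SAMPLE_CONF):
        status = "WARN" if f["rejected"] else "ok"
        print(f"{status} line {f['line']}: accepted={f['accepted']} "
              f"rejected={f['rejected']} quoted={f['quoted']}")
```

Under this model the quoted line leaves only `sslv3` recognised, so the warn-level message means the protocol set in effect can differ from the one written in the file.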


Pushed to master (e42063913d9ac804c782151b56ee5c695f308d36):

Counting objects: 9, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 910 bytes, done.
Total 5 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/admin.git
7e277bf..e420639 master -> master

Metadata Update from @nkinder:
- Issue set to the milestone: 389-admin,console 1.1.35

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/671

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
