When troubleshooting bug #919192, Jan encountered the following problem:
When I try to restart admin server from console with SSL enabled, it succeeds but I see following errors:
[jrusnack@dstet ~]$ tail -n 15 /var/log/dirsrv/admin-serv/error [Wed Apr 17 05:17:34 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [Wed Apr 17 05:17:35 2013] [warn] NSSProtocol: Unknown protocol '"sslv2' not supported [Wed Apr 17 05:17:35 2013] [warn] NSSProtocol: Unknown protocol 'tlsv1"' not supported [Wed Apr 17 05:17:35 2013] [notice] Access Host filter is: .example.com [Wed Apr 17 05:17:35 2013] [notice] Access Address filter is: [Wed Apr 17 05:17:36 2013] [notice] Apache/2.2.15 (Unix) mod_nss/2.2.15 NSS/3.14.0.0 Basic ECC configured -- resuming normal operations [Wed Apr 17 05:17:36 2013] [warn] NSSProtocol: Unknown protocol '"sslv2' not supported [Wed Apr 17 05:17:36 2013] [warn] NSSProtocol: Unknown protocol 'tlsv1"' not supported [Wed Apr 17 05:17:36 2013] [notice] Access Host filter is: .example.com [Wed Apr 17 05:17:36 2013] [notice] Access Address filter is: [Wed Apr 17 05:17:50 2013] [notice] [client 192.168.122.187] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.122.187 [Wed Apr 17 05:17:50 2013] [notice] [client 192.168.122.187] admserv_host_ip_check: host [dstet] did not match pattern [*.example.com] -will scan aliases [Wed Apr 17 05:17:50 2013] [notice] [client 192.168.122.187] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler [Wed Apr 17 05:17:55 2013] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1 [Wed Apr 17 05:17:55 2013] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
The problem here is that the NSSProtocol setting in /etc/dirsrv/admin-serv/console.conf is quoted, but mod_nss doesn't like the value when it is quoted:
[jrusnack@dstet admin-serv]$ grep -R -i "tlsv1" * bakup/console.conf:NSSProtocol SSLv3,TLSv1 console.conf:NSSProtocol "SSLv2,SSLv3,TLSv1" console.conf.rpmsave:NSSProtocol SSLv3,TLSv1
The problem is that admserv/cgi-src40/sec-activate.c:update_conf() quotes the values.
attachment 0001-Ticket-47334-Avoid-quoting-all-settings-in-console.c.patch
Pushed to master (e42063913d9ac804c782151b56ee5c695f308d36):
Counting objects: 9, done. Delta compression using up to 4 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (5/5), 910 bytes, done. Total 5 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/admin.git 7e277bf..e420639 master -> master
Metadata Update from @nkinder: - Issue set to the milestone: 389-admin,console 1.1.35
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/671
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.