[packages/apache-mod_nss.git] / apache-mod_nss-config.patch

--- mod_nss-1.0.8/nss.conf.in~	2006-10-20 18:23:39.000000000 +0300
+++ mod_nss-1.0.8/nss.conf.in	2008-10-03 23:49:38.490473661 +0300
@@ -1,4 +1,5 @@
-#
+LoadModule nss_module	modules/libmodnss.so
+
 # This is the Apache server configuration file providing SSL support using.
 # the mod_nss plugin.  It contains the configuration directives to instruct
 # the server how to serve pages over an https connection.
@@ -8,14 +9,15 @@
 # consult the online docs. You have been warned.  
 #
 
+<IfModule mod_nss.c>
 #
 # When we also provide SSL we have to listen to the 
 # standard HTTP port (see above) and to the HTTPS port
 #
 # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
 #
-Listen 443
+Listen 8443
 
 ##
 ##  SSL Global Context
@@ -68,17 +70,17 @@
 ## SSL Virtual Host Context
 ##
 
-<VirtualHost _default_:443>
+<VirtualHost _default_:8443>
 
 #   General setup for the virtual host
-#DocumentRoot "@apache_prefix@/htdocs"
-#ServerName www.example.com:443
+#DocumentRoot "/home/services/httpd/html"
+#ServerName www.example.com:8443
 #ServerAdmin you@example.com
 
 # mod_nss can log to separate log files, you can choose to do that if you'd like
 # LogLevel is not inherited from httpd.conf.
-#ErrorLog @apache_prefix@/logs/error_log
-#TransferLog @apache_prefix@/logs/access_log
+#ErrorLog logs/error_log
+#TransferLog logs/access_log
 LogLevel warn
 
 #   SSL Engine Switch:
@@ -113,7 +115,7 @@
 #   The NSS security database directory that holds the certificates and
 #   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
 #   Provide the directory that these files exist.
-NSSCertificateDatabase @apache_conf@
+NSSCertificateDatabase @apache_conf@/nss
 
 #   Database Prefix:
 #   In order to be able to store multiple NSS databases in one directory
@@ -126,6 +128,14 @@
 #   require.
 #NSSVerifyClient none
 
+
+#   By default mod_nss will not start up if the server certificate is not
+#   valid. This means that if the certificate has expired or is signed by a CA
+#   that is not trusted in the NSS certificate database the server will not
+#   start.
+#   Not enforcing a valid server certificate is not recommended.
+NSSEnforceValidCerts off
+
 #
 #   Online Certificate Status Protocol (OCSP).
 #   Verify that certificates have not been revoked before accepting them.
@@ -189,7 +199,7 @@
 <Files ~ "\.(cgi|shtml|phtml|php3?)$">
     NSSOptions +StdEnvVars
 </Files>
-<Directory "@apache_prefix@/cgi-bin">
+<Directory "/home/services/httpd/cgi-bin">
     NSSOptions +StdEnvVars
 </Directory>
 
@@ -201,3 +211,4 @@
 
 </VirtualHost>                                  
 
+</IfModule>
Commit	Line	Data
e5988e0f ER	1	--- mod_nss-1.0.8/nss.conf.in~ 2006-10-20 18:23:39.000000000 +0300
	2	+++ mod_nss-1.0.8/nss.conf.in 2008-10-03 23:49:38.490473661 +0300
	3	@@ -1,4 +1,5 @@
af964ecd ER	4	-#
	5	+LoadModule nss_module modules/libmodnss.so
	6	+
	7	# This is the Apache server configuration file providing SSL support using.
	8	# the mod_nss plugin. It contains the configuration directives to instruct
e5988e0f ER	9	# the server how to serve pages over an https connection.
	10	@@ -8,14 +9,15 @@
	11	# consult the online docs. You have been warned.
af964ecd ER	12	#
	13
	14	+<IfModule mod_nss.c>
	15	#
	16	# When we also provide SSL we have to listen to the
e5988e0f ER	17	# standard HTTP port (see above) and to the HTTPS port
e5988e0f ER	18	#
70fac32b ER	19	# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
	20	-# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
	21	+# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
	22	#
	23	-Listen 443
	24	+Listen 8443
	25
e5988e0f ER	26	##
	27	## SSL Global Context
	28	@@ -68,17 +70,17 @@
	29	## SSL Virtual Host Context
70fac32b ER	30	##
	31
	32	-<VirtualHost _default_:443>
	33	+<VirtualHost _default_:8443>
	34
	35	# General setup for the virtual host
	36	-#DocumentRoot "@apache_prefix@/htdocs"
	37	-#ServerName www.example.com:443
	38	+#DocumentRoot "/home/services/httpd/html"
	39	+#ServerName www.example.com:8443
	40	#ServerAdmin you@example.com
	41
	42	# mod_nss can log to separate log files, you can choose to do that if you'd like
	43	# LogLevel is not inherited from httpd.conf.
	44	-#ErrorLog @apache_prefix@/logs/error_log
	45	-#TransferLog @apache_prefix@/logs/access_log
	46	+#ErrorLog logs/error_log
	47	+#TransferLog logs/access_log
	48	LogLevel warn
	49
e5988e0f ER	50	# SSL Engine Switch:
	51	@@ -113,7 +115,7 @@
	52	# The NSS security database directory that holds the certificates and
90adf98b ER	53	# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
	54	# Provide the directory that these files exist.
	55	-NSSCertificateDatabase @apache_conf@
	56	+NSSCertificateDatabase @apache_conf@/nss
	57
	58	# Database Prefix:
e5988e0f ER	59	# In order to be able to store multiple NSS databases in one directory
	60	@@ -126,6 +128,14 @@
	61	# require.
	62	#NSSVerifyClient none
	63
	64	+
	65	+# By default mod_nss will not start up if the server certificate is not
	66	+# valid. This means that if the certificate has expired or is signed by a CA
	67	+# that is not trusted in the NSS certificate database the server will not
	68	+# start.
	69	+# Not enforcing a valid server certificate is not recommended.
	70	+NSSEnforceValidCerts off
	71	+
	72	#
	73	# Online Certificate Status Protocol (OCSP).
	74	# Verify that certificates have not been revoked before accepting them.
	75	@@ -189,7 +199,7 @@
	76	<Files ~ "\.(cgi\|shtml\|phtml\|php3?)$">
70fac32b ER	77	NSSOptions +StdEnvVars
	78	</Files>
	79	-<Directory "@apache_prefix@/cgi-bin">
	80	+<Directory "/home/services/httpd/cgi-bin">
	81	NSSOptions +StdEnvVars
	82	</Directory>
e5988e0f ER	83
	84	@@ -201,3 +211,4 @@
	85
	86	</VirtualHost>
	87
af964ecd	88	+</IfModule>