- our cert is not valid, allow default config to run

Changed files:
    apache-mod_nss-config.patch -> 1.4

diff --git a/apache-mod_nss-config.patch b/apache-mod_nss-config.patch
index 0f29c52e6cda534317a2144041710fe09f531c7d..4805ab1954f0f59cee6f22d59e47000d86e5d87e 100644 (file)
--- a/apache-mod_nss-config.patch
+++ b/apache-mod_nss-config.patch
@@ -1,19 +1,21 @@
-diff -U2 mod_nss-1.0.7/nss.conf.in mod_nss-1.0.7/nss.conf.in
---- mod_nss-1.0.7/nss.conf.in  2008-06-17 09:14:46.944230209 +0300
-+++ mod_nss-1.0.7/nss.conf.in  2008-06-17 09:37:06.875135679 +0300
-@@ -1,3 +1,4 @@
+--- mod_nss-1.0.8/nss.conf.in~ 2006-10-20 18:23:39.000000000 +0300
++++ mod_nss-1.0.8/nss.conf.in  2008-10-03 23:49:38.490473661 +0300
+@@ -1,4 +1,5 @@
 -#
 +LoadModule nss_module modules/libmodnss.so
 +
  # This is the Apache server configuration file providing SSL support using.
  # the mod_nss plugin.  It contains the configuration directives to instruct
-@@ -9,4 +10,5 @@
+ # the server how to serve pages over an https connection.
+@@ -8,14 +9,15 @@
+ # consult the online docs. You have been warned.  
  #
  
 +<IfModule mod_nss.c>
  #
  # When we also provide SSL we have to listen to the 
-@@ -15,5 +17,5 @@
+ # standard HTTP port (see above) and to the HTTPS port
+ #
  # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
 -#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
 +#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
@@ -21,7 +23,10 @@ diff -U2 mod_nss-1.0.7/nss.conf.in mod_nss-1.0.7/nss.conf.in
 -Listen 443
 +Listen 8443
  
-@@ -69,15 +71,15 @@
+ ##
+ ##  SSL Global Context
+@@ -68,17 +70,17 @@
+ ## SSL Virtual Host Context
  ##
  
 -<VirtualHost _default_:443>
@@ -42,19 +47,42 @@ diff -U2 mod_nss-1.0.7/nss.conf.in mod_nss-1.0.7/nss.conf.in
 +#TransferLog logs/access_log
  LogLevel warn
  
-@@ -114,5 +116,5 @@
+ #   SSL Engine Switch:
+@@ -113,7 +115,7 @@
+ #   The NSS security database directory that holds the certificates and
  #   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
  #   Provide the directory that these files exist.
 -NSSCertificateDatabase @apache_conf@
 +NSSCertificateDatabase @apache_conf@/nss
  
  #   Database Prefix:
-@@ -190,5 +192,5 @@
+ #   In order to be able to store multiple NSS databases in one directory
+@@ -126,6 +128,14 @@
+ #   require.
+ #NSSVerifyClient none
+ 
++
++#   By default mod_nss will not start up if the server certificate is not
++#   valid. This means that if the certificate has expired or is signed by a CA
++#   that is not trusted in the NSS certificate database the server will not
++#   start.
++#   Not enforcing a valid server certificate is not recommended.
++NSSEnforceValidCerts off
++
+ #
+ #   Online Certificate Status Protocol (OCSP).
+ #   Verify that certificates have not been revoked before accepting them.
+@@ -189,7 +199,7 @@
+ <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      NSSOptions +StdEnvVars
  </Files>
 -<Directory "@apache_prefix@/cgi-bin">
 +<Directory "/home/services/httpd/cgi-bin">
      NSSOptions +StdEnvVars
  </Directory>
-@@ -203,0 +206 @@
+ 
+@@ -201,3 +211,4 @@
+ 
+ </VirtualHost>                                  
+ 
 +</IfModule>