-diff -U2 mod_nss-1.0.7/nss.conf.in mod_nss-1.0.7/nss.conf.in
---- mod_nss-1.0.7/nss.conf.in 2008-06-17 09:14:46.944230209 +0300
-+++ mod_nss-1.0.7/nss.conf.in 2008-06-17 09:37:06.875135679 +0300
-@@ -1,3 +1,4 @@
+--- mod_nss-1.0.8/nss.conf.in~ 2006-10-20 18:23:39.000000000 +0300
++++ mod_nss-1.0.8/nss.conf.in 2008-10-03 23:49:38.490473661 +0300
+@@ -1,4 +1,5 @@
-#
+LoadModule nss_module modules/libmodnss.so
+
# This is the Apache server configuration file providing SSL support using.
# the mod_nss plugin. It contains the configuration directives to instruct
-@@ -9,4 +10,5 @@
+ # the server how to serve pages over an https connection.
+@@ -8,14 +9,15 @@
+ # consult the online docs. You have been warned.
#
+<IfModule mod_nss.c>
#
# When we also provide SSL we have to listen to the
-@@ -15,5 +17,5 @@
+ # standard HTTP port (see above) and to the HTTPS port
+ #
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
-Listen 443
+Listen 8443
-@@ -69,15 +71,15 @@
+ ##
+ ## SSL Global Context
+@@ -68,17 +70,17 @@
+ ## SSL Virtual Host Context
##
-<VirtualHost _default_:443>
+#TransferLog logs/access_log
LogLevel warn
-@@ -114,5 +116,5 @@
+ # SSL Engine Switch:
+@@ -113,7 +115,7 @@
+ # The NSS security database directory that holds the certificates and
# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
# Provide the directory that these files exist.
-NSSCertificateDatabase @apache_conf@
+NSSCertificateDatabase @apache_conf@/nss
# Database Prefix:
-@@ -190,5 +192,5 @@
+ # In order to be able to store multiple NSS databases in one directory
+@@ -126,6 +128,14 @@
+ # require.
+ #NSSVerifyClient none
+
++
++# By default mod_nss will not start up if the server certificate is not
++# valid. This means that if the certificate has expired or is signed by a CA
++# that is not trusted in the NSS certificate database the server will not
++# start.
++# Not enforcing a valid server certificate is not recommended.
++NSSEnforceValidCerts off
++
+ #
+ # Online Certificate Status Protocol (OCSP).
+ # Verify that certificates have not been revoked before accepting them.
+@@ -189,7 +199,7 @@
+ <Files ~ "\.(cgi|shtml|phtml|php3?)$">
NSSOptions +StdEnvVars
</Files>
-<Directory "@apache_prefix@/cgi-bin">
+<Directory "/home/services/httpd/cgi-bin">
NSSOptions +StdEnvVars
</Directory>
-@@ -203,0 +206 @@
+
+@@ -201,3 +211,4 @@
+
+ </VirtualHost>
+
+</IfModule>