--- /dev/null
+#!/bin/bash
+#
+# distcache Startup script for the Distcache SSL Session Cache Client Proxy
+#
+# chkconfig: - 88 12
+# description: Distcache is a Distributed SSL Session Cache Client Proxy.
+# processname: dc_client
+# config: /etc/sysconfig/distcache
+# pidfile: /var/run/dc_client.pid
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+if [ -f /etc/sysconfig/distcache ]; then
+ . /etc/sysconfig/distcache
+fi
+
+port=${PORT-5555}
+socket=${SOCKET-/var/cache/mod_ssl/distcache}
+server=${SERVER-localhost}:${port}
+owner=${OWNER-apache}
+
+prog=dc_client
+RETVAL=0
+runas=nobody
+dc_client=/usr/bin/dc_client
+pidfile=/var/run/dc_client.pid
+
+OPTIONS="-daemon -pidfile ${pidfile} -listen UNIX:${socket} \
+ -sockowner ${owner} -sockperms 0600 -user ${runas} -server IP:${server}"
+
+start() {
+ echo -n $"Starting $prog: "
+ daemon $dc_client $OPTIONS
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && touch /var/lock/subsys/dc_client
+ return $RETVAL
+}
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $dc_client
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && rm -f /var/lock/subsys/dc_client /var/run/dc_client.pid
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status $dc_client
+ RETVAL=$?
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ condrestart)
+ if [ -f /var/run/dc_client.pid ] ; then
+ stop
+ start
+ fi
+ ;;
+ reload)
+ reload
+ ;;
+ *)
+ echo $"Usage: $prog {start|stop|restart|condrestart|status|help}"
+ exit 1
+esac
+
+exit $RETVAL
--- /dev/null
+#!/bin/bash
+#
+# distcache Startup script for the Distcache SSL Session Cache Server
+#
+# chkconfig: - 90 10
+# description: Distcache is a Distributed SSL Session Cache server.
+# processname: dc_server
+# config: /etc/sysconfig/distcache
+# pidfile: /var/run/dc_server.pid
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+if [ -f /etc/sysconfig/distcache ]; then
+ . /etc/sysconfig/distcache
+fi
+
+port=${PORT-5555}
+sessions=${SESSIONS-3000}
+
+prog=dc_server
+RETVAL=0
+runas=nobody
+dc_server=/usr/bin/dc_server
+
+OPTIONS="-daemon -pidfile /var/run/dc_server.pid -user ${runas} -sessions ${sessions} -listen IP:${port}"
+
+start() {
+ echo -n $"Starting $prog: "
+ daemon $dc_server $OPTIONS
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && touch /var/lock/subsys/dc_server
+ return $RETVAL
+}
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $dc_server
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && rm -f /var/lock/subsys/dc_server /var/run/dc_server.pid
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status $dc_server
+ RETVAL=$?
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ condrestart)
+ if [ -f /var/run/dc_server.pid ] ; then
+ stop
+ start
+ fi
+ ;;
+ reload)
+ reload
+ ;;
+ *)
+ echo $"Usage: $prog {start|stop|restart|condrestart|status|help}"
+ exit 1
+esac
+
+exit $RETVAL
--- /dev/null
+
+Fix dc_client: don't go setuid until after the pidfile has been written.
+
+--- distcache-1.4.5/sessclient/sclient.c.setuid
++++ distcache-1.4.5/sessclient/sclient.c
+@@ -267,13 +267,6 @@
+ if(sockperms && !NAL_LISTENER_set_fs_perms(listener, sockperms))
+ SYS_fprintf(SYS_stderr, "Warning, can't set socket permissions "
+ "to '%s', continuing anyway\n", sockperms);
+- if(user) {
+- if(!SYS_setuid(user)) {
+- SYS_fprintf(SYS_stderr, "Error, couldn't become user "
+- "'%s'.\n", user);
+- return 1;
+- }
+- }
+ #endif
+
+ /* Define a "now" value that can be used during initialisation and
+@@ -312,6 +305,13 @@
+ SYS_fprintf(fp, "%lu", (unsigned long)SYS_getpid());
+ fclose(fp);
+ }
++ if(user) {
++ if(!SYS_setuid(user)) {
++ SYS_fprintf(SYS_stderr, "Error, couldn't become user "
++ "'%s'.\n", user);
++ return 1;
++ }
++ }
+ #endif
+
+ /* Choose an appropriate select timeout relative to the retry period */