httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Arseneau" <peter.arsen...@cloakware.com>
Subject FIPS mode for MOD_SSL
Date Wed, 18 Nov 2009 19:01:17 GMT
Dear Apache developer,

 

(this is related to Apache bugzilla 46270)

 

I'm attempting to build a FIPS compliant version of Apache 2.2.14.

I've applied a patch to the SSL modules directory and it seems to work,

except httpd ends up calling "ssl_init_Module" more than once.   The
first

time(s), httpd initializes correctly.

 

On the final run, the base_server->FIPS flag is not pre-initialized and

httpd always seems to start in FIPS mode.

 

Could this be related to changes made in server/main.c?

I've attached main.c from the latest Apache (2.2.14) , and the patched
version of

ssl_engine_init.c.

 

       for (mod = ap_prelinked_modules; *mod != NULL; mod++) {

            ap_register_hooks(*mod, pconf);

        }

 

        /* This is a hack until we finish the code so that it only reads

         * the config file once and just operates on the tree already in

         * memory.  rbb

         */

 

(etc.)

 

        if (ap_run_post_config(pconf, plog, ptemp, server_conf) != OK)

(This is where ssl_init_Module is re-run but with an uninitialized
sc->FIPS flag)

 

Any help would be most welcome.

If you need more information, please feel free to ask.

 

Yours truly,

 

Peter Arseneau

 

 


Mime
View raw message