1.169. mod_nss

An updated mod_nss package that fixes various bugs is now available for Red Hat Enterprise Linux 6.
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.
Bug Fixes
During the Apache HTTP Server startup, a race condition could prevent one or more child processes from receiving the token PIN, rendering such processes unable to use SSL. With this update, the race condition no longer occurs, and all child processes of the Apache HTTP Server can enable SSL as expected.
Due to an incorrect use of the memcpy() function in the mod_nss module, running the Apache HTTP Server with this module enabled could cause some requests to fail with the following message written to the error_log file:
request failed: error reading the headers
This update applies a patch to ensure that the memcpy() function is now used in accordance with the current specification, and using the mod_nss module no longer causes HTTP requests to fail.
Under certain circumstances, a large "POST" request could cause the mod_nss module to enter an infinite loop. With this update, the underlying source code has been adapted to address this issue, and mod_nss now works as expected.
The mod_nss module is shipped with the gencert utility that generates the default NSS database. Prior to this update, this utility was installed without any documentation on its usage. This error has been fixed, and a manual page for gencert is now included as expected.
All users of mod_nss are advised to upgrade to this updated package, which fixes these bugs.