Updated mod_revocator packages that fix four bugs are now available for Red Hat Enterprise Linux 5.
The mod_revocator module retrieves and installs remote Certificate Revocation Lists (CRLs) into an Apache web server.
Prior to this update, the mod_revoc module could not shut down the httpd server on 32-bit platforms and the error log infinitely reported the error message "service httpd status httpd (pid ) when an expired CRL was downloaded. This update modifies mod_revocator so that the httpd server can correctly shut down and the error log now reports the error message "service httpd status httpd dead but subsys locked".
Prior to this update, the mod_revoc module could not shut down the httpd server on 32-bit platforms when CRLUpdate failed. This update modifies mod_revocator so that the httpd server can correctly shut down when updating the CRL fails.
Prior to this update, httpd failed to start if the 32-bit mod_revocator was installed on a 64-bit PowerPC platform. This update modifies the initialization size of the static array. Now, httpd servicestarts as expected.
Prior to this update, CRLs could, under certain circumsatances, silently fail to be downloaded without any error message when the mod_revocator module was loaded successfully. This update resolves two segmentation violations. In addition, the setsebool -P httpd_can_network_connect=1 command can now be used to allow httpd to connect to a remote port which SELinux would otherwise deny when running mod_revocator. Now, CRLs are downloaded correctly when the mod_revocator module is running.
All users of mod_revocator are advised to upgrade to these updated packages, which fix these bugs.