Forum OpenACS Development: Re: Proposed corrections to OpenACS default nsopenssl configuration

Richard,

What version of config.tcl are you working from?

cvs head doesn't seem to have the duplicate condition statement as far as I can tell: http://fisheye.openacs.org/browse/OpenACS/openacs-4/etc/config.tcl?r=HEAD

What are the logfile errors you were seeing that this proposal resolves?

Torben

Torben,

I am working from a recent HEAD checkout, and the errors I am referring to are those referred to in the comments at lines 399 to 401 of config.tcl.

I note that the duplicate conditional is not present in this file, and I suspect a slip of the paste finger at some point in my editor!!

The rest on my code should be fine as it has been taken from a working installation!

Can't get the staff!! 😉

R.

Hi Richard,

Hardcoding the pem files to that location won't work for OSes that place aolserver somewhere else in the file hierarchy (such as freebsd).

The server should be able to read the pem files of any os when they are located within $serverroot, which is why the config.tcl currently references them at ${serverroot}/etc/certs by default.

The files need to be accessible by the running aolserver, and so should be given the usual file permissions for that.

If for some reason, it's decided to make these changes to config.tcl, a moduleroot variable should be defined early in config.tcl for this use, since aolserver modules are placed in various locations in various OSes and distributions.

cheers,

Torben