summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-06-29 15:01:18 -0400
committerAdam Young <ayoung@redhat.com>2011-07-01 21:01:22 -0400
commit6ad7deb7ac1626caa37e60accdc492acfb88e4ba (patch)
tree91291976e5f7865d2190a1014c1a7ae34fad3fe8
parent3894a4f13d6e555e3d9c74bd4081d2690d58ad80 (diff)
downloadfreeipa-6ad7deb7ac1626caa37e60accdc492acfb88e4ba.zip
freeipa-6ad7deb7ac1626caa37e60accdc492acfb88e4ba.tar.gz
freeipa-6ad7deb7ac1626caa37e60accdc492acfb88e4ba.tar.xz
Set the client auth callback after creating the SSL connection.
If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket is created. There is no way to query for the callback in an existing socket. https://fedorahosted.org/freeipa/ticket/1349
-rw-r--r--ipapython/dogtag.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 5829717..969535e 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -80,11 +80,11 @@ def https_request(host, port, url, secdir, password, nickname, **kw):
"Accept": "text/plain"}
try:
conn = nsslib.NSSConnection(host, port, dbdir=secdir)
+ conn.set_debuglevel(0)
+ conn.connect()
conn.sock.set_client_auth_data_callback(nsslib.client_auth_data_callback,
nickname,
password, nss.get_default_certdb())
- conn.set_debuglevel(0)
- conn.connect()
conn.request("POST", url, post, request_headers)
res = conn.getresponse()