author | Rob Crittenden <rcritten@redhat.com> | 2010-07-20 14:00:43 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-07-29 10:50:10 -0400 |
commit | b7ca3d68c28b54500a2f908c4e2e6c89b2433461 (patch) | |
tree | fca9d664df546fca527a8194e0b4e9e301aa1b06 /ipapython/nsslib.py | |
parent | 563c7cde407bc63621a14b1fddff972a105dfc50 (diff) | |
Drop our own PKCS#10 ASN.1 decoder and use the one from python-nss
This patch:
- bumps up the minimum version of python-nss
- will initialize NSS with nodb if a CSR is loaded and it isn't already
init'd
- will shutdown NSS if initialized in the RPC subsystem so we use right db
- updated and added a few more tests
Relying more on NSS introduces a bit of a problem. For NSS to work you
need to have initialized a database (either a real one or no_db). But once
you've initialized one and want to use another you have to close down the
first one. I've added some code to nsslib.py to do just that. This could
potentially have some bad side-effects at some point, it works ok now.
Diffstat (limited to 'ipapython/nsslib.py')
-rw-r--r-- | ipapython/nsslib.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index 02bff00a8..7e249b3ba 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -122,6 +122,10 @@ class NSSConnection(httplib.HTTPConnection): raise RuntimeError("dbdir is required") logging.debug('%s init %s', self.__class__.__name__, host) + if nss.nss_is_initialized(): + # close any open NSS database and use the new one + ssl.clear_session_cache() + nss.nss_shutdown() nss.nss_init(dbdir) ssl.set_domestic_policy() nss.set_password_callback(self.password_callback) |
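Review bot: the added `nss.nss_shutdown()` in the `NSSConnection` constructor runs whenever `nss.nss_is_initialized()` is true. It does not check whether the database already open is the same `dbdir`, and it does not handle a failed shutdown before `nss.nss_init(dbdir)` is called. Because NSS initialization is process-wide, this tears down state that other code in the same process may still be relying on, and the commit message itself acknowledges possible side effects. Consider skipping the shutdown when the requested `dbdir` is already the active one, catching and logging a shutdown failure rather than falling straight through to `nss_init`, and adding a `logging.debug` line next to the existing one so the database switch is visible when debugging. The comment "close any open NSS database and use the new one" would also be more useful if it said that the shutdown affects every NSS user in the process, not just this connection.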