From 6a0aabede5875ad23dab777d0c2f6bac05fa2599 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 26 Jul 2013 10:58:52 +0200
Subject: Free NSS objects in --external-ca scenario

In external CA installation, ipa-server-install leaked NSS objects
which caused an installation crash later when a subsequent call of
NSSConnection tried to free them.

Properly freeing the NSS objects avoid this crash.

https://fedorahosted.org/freeipa/ticket/3773
---
 install/tools/ipa-server-install | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'install/tools')

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 672369c54..fafa14ea1 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -698,18 +698,23 @@ def main():
             sys.exit(1)
 
         certdict = dict((DN(str(cert.subject)), cert) for cert in extchain)
+        del extchain
         certissuer = DN(str(extcert.issuer))
         if certissuer not in certdict:
             print "The external certificate is not signed by the external CA (unknown issuer %s)." % certissuer
             sys.exit(1)
 
         cert = extcert
+        del extcert
         while cert.issuer != cert.subject:
             certissuer = DN(str(cert.issuer))
             if certissuer not in certdict:
                 print "The external CA chain is incomplete (%s is missing from the chain)." % certissuer
                 sys.exit(1)
+            del cert
             cert = certdict[certissuer]
+        del certdict
+        del cert
 
     # We only set up the CA if the PKCS#12 options are not given.
     if options.dirsrv_pkcs12:
-- 
cgit