From 6ad7deb7ac1626caa37e60accdc492acfb88e4ba Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 29 Jun 2011 15:01:18 -0400
Subject: Set the client auth callback after creating the SSL connection.

If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There is no way to query for the callback
in an existing socket.

https://fedorahosted.org/freeipa/ticket/1349
---
 ipapython/dogtag.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ipapython/dogtag.py')

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 582971734..969535e4b 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -80,11 +80,11 @@ def https_request(host, port, url, secdir, password, nickname, **kw):
                        "Accept": "text/plain"}
     try:
         conn = nsslib.NSSConnection(host, port, dbdir=secdir)
+        conn.set_debuglevel(0)
+        conn.connect()
         conn.sock.set_client_auth_data_callback(nsslib.client_auth_data_callback,
                                                 nickname,
                                                 password, nss.get_default_certdb())
-        conn.set_debuglevel(0)
-        conn.connect()
         conn.request("POST", url, post, request_headers)
 
         res = conn.getresponse()
-- 
cgit