diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2013-01-16 13:20:14 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2013-01-23 14:26:42 -0500 |
| commit | 31e41eea6c2322689826e6065ceba82551c565aa (patch) | |
| tree | 602a0148d9adb7e5725b037910a71a0cccfeb7ea /ipa-client/ipa-install/ipa-client-install | |
| parent | a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9 (diff) | |
| download | freeipa-31e41eea6c2322689826e6065ceba82551c565aa.tar.gz freeipa-31e41eea6c2322689826e6065ceba82551c565aa.tar.xz freeipa-31e41eea6c2322689826e6065ceba82551c565aa.zip | |
Don't initialize NSS if we don't have to, clean up unused cert refs
Check to see if NSS is initialized before trying to do so again.
If we are temporarily creating a certificate be sure to delete it in order
to remove references to it and avoid NSS shutdown issues.
In the certificate load validator shut down NSS if we end up initializing
it. I'm not entirely sure why but this prevents a later shutdown issue
if we are passed the --ca-cert-file option.
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index bd299f9b..f068c9d3 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -48,6 +48,7 @@ try: from ipapython.dn import DN from ipapython.ssh import SSHPublicKey from ipalib.rpc import delete_persistent_client_session_data + import nss.nss as nss import SSSDConfig from ConfigParser import RawConfigParser from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError @@ -77,10 +78,15 @@ def parse_options(): if not os.path.isabs(value): raise OptionValueError("%s option '%s' is not an absolute file path" % (opt, value)) + initialized = nss.nss_is_initialized() try: cert = x509.load_certificate_from_file(value) except Exception, e: raise OptionValueError("%s option '%s' is not a valid certificate file" % (opt, value)) + else: + del(cert) + if not initialized: + nss.nss_shutdown() parser.values.ca_cert_file = value @@ -1372,6 +1378,8 @@ def get_ca_cert_from_file(url): except Exception, e: raise errors.FileError(reason = u"cannot write certificate file '%s': %s" % (CACERT, e)) + else: + del(cert) def get_ca_cert_from_http(url, ca_file, warn=True): ''' @@ -1478,6 +1486,8 @@ def validate_new_ca_cert(existing_ca_cert, ca_file, ask, override=False): root_logger.debug( "Existing CA cert and Retrieved CA cert are identical") os.remove(ca_file) + del(existing_ca_cert) + del(new_ca_cert) def get_ca_cert(fstore, options, server, basedn): |