authorEndi S. Dewata <edewata@redhat.com>2014-09-16 20:11:35 -0400
committerPetr Viktorin <pviktori@dhcp-31-13.brq.redhat.com>2014-11-11 09:09:19 +0100
commit80a8df3f193aa800740f1627a269e6973f57aa0a (patch)
tree82f6add398a2a56413c8b1f23213d2aca4928284 /ipapython/nsslib.py
parent74e0a8cebca251bf89144597f521440407a469ba (diff)
Modififed NSSConnection not to shutdown existing database.
The NSSConnection class has been modified so that it does not shut down the existing NSS database if the database has already been opened to establish an SSL connection, or has already been opened by other code that uses an NSS database without establishing an SSL connection, such as the vault CLIs. https://fedorahosted.org/freeipa/ticket/4638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipapython/nsslib.py')
-rw-r--r--ipapython/nsslib.py35
1 files changed, 23 insertions, 12 deletions
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index 93b0c56fc..1452a2a58 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -31,6 +31,9 @@ import nss.ssl as ssl
import nss.error as error
from ipaplatform.paths import paths
+# NSS database currently open
+current_dbdir = None
+
def auth_certificate_callback(sock, check_sig, is_server, certdb):
cert_is_valid = False
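Review bot: The comment on `current_dbdir` overstates what the variable tracks: it is assigned only in the init path of the NSSConnection constructor (second hunk), so it stays `None` or stale when NSS was opened by other code or when the connection is created with `no_init`. I would reword it to `# dbdir last passed to nss.nss_init() by NSSConnection; None if NSS was initialized elsewhere`. Nothing in the visible hunks resets it after `nss.nss_shutdown()`, so it should not be read as proof of which certificate database is actually in use.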
@@ -184,19 +187,27 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
httplib.HTTPConnection.__init__(self, host, port, strict)
NSSAddressFamilyFallback.__init__(self, family)
- if not dbdir:
- raise RuntimeError("dbdir is required")
-
root_logger.debug('%s init %s', self.__class__.__name__, host)
- if not no_init and nss.nss_is_initialized():
- # close any open NSS database and use the new one
- ssl.clear_session_cache()
- try:
- nss.nss_shutdown()
- except NSPRError, e:
- if e.errno != error.SEC_ERROR_NOT_INITIALIZED:
- raise e
- nss.nss_init(dbdir)
+
+ # If initialization is requested, initialize the new database.
+ if not no_init:
+
+ if nss.nss_is_initialized():
+ ssl.clear_session_cache()
+ try:
+ nss.nss_shutdown()
+ except NSPRError, e:
+ if e.errno != error.SEC_ERROR_NOT_INITIALIZED:
+ raise e
+
+ if not dbdir:
+ raise RuntimeError("dbdir is required")
+
+ nss.nss_init(dbdir)
+
+ global current_dbdir
+ current_dbdir = dbdir
+
ssl.set_domestic_policy()
nss.set_password_callback(self.password_callback)
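Review bot: The `if not dbdir` check now sits after `nss.nss_shutdown()`, so a caller that omits dbdir without `no_init` first tears down the already-open database and only then gets the RuntimeError, leaving the process with NSS uninitialized and `current_dbdir` still naming the old directory. Moving `if not dbdir: raise RuntimeError("dbdir is required")` ahead of the `nss.nss_is_initialized()` test restores the old order of failing before any side effect. Separately, when `no_init` is set the dbdir argument is ignored, so peer certificates are presumably validated against whatever database is already open; comparing dbdir with `current_dbdir` and logging a mismatch would make it visible when the trust store differs from the one the caller named. The constructor starts and continues outside this hunk, and indentation is lost in this rendering, so the nesting is inferred from the added comment line.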