diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-11-23 12:09:32 +1100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-11-24 10:12:24 +0100 |
commit | 6fe0a898077a74924b6ccaf6dfbaf2d166175722 (patch) | |
tree | 902904f5e8703ed99bb11c25c9d5ea61e683e092 | |
parent | 2ef1eb0ae75270d37dcbb106e431a98eb02f0993 (diff) | |
download | freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.tar.gz freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.tar.xz freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.zip |
Do not erroneously reinit NSS in Dogtag interface
The Dogtag interface always attempts to (re)init NSS, which can fail
with SEC_ERROR_BUSY. Do not reinitialise NSS when it has already
been initialised with the given dbdir.
Part of: https://fedorahosted.org/freeipa/ticket/5459
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | ipapython/dogtag.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 71de96dc6..0436d5f46 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -265,7 +265,8 @@ def https_request(host, port, url, secdir, password, nickname, """ def connection_factory(host, port): - conn = nsslib.NSSConnection(host, port, dbdir=secdir, + no_init = secdir == nsslib.current_dbdir + conn = nsslib.NSSConnection(host, port, dbdir=secdir, no_init=no_init, tls_version_min=api.env.tls_version_min, tls_version_max=api.env.tls_version_max) conn.set_debuglevel(0) |