Do not erroneously reinit NSS in Dogtag interface

The Dogtag interface always attempts to (re)init NSS, which can fail with SEC_ERROR_BUSY. Do not reinitialise NSS when it has already been initialised with the given dbdir. Part of: https://fedorahosted.org/freeipa/ticket/5459 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2015-11-23 12:09:32 +1100
committer: Jan Cholasta <jcholast@redhat.com> 2015-11-24 10:12:24 +0100
commit: 6fe0a898077a74924b6ccaf6dfbaf2d166175722 (patch)
tree: 902904f5e8703ed99bb11c25c9d5ea61e683e092
parent: 2ef1eb0ae75270d37dcbb106e431a98eb02f0993 (diff)
download: freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.tar.gz
freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.tar.xz
freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 71de96dc6..0436d5f46 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -265,7 +265,8 @@ def https_request(host, port, url, secdir, password, nickname,
     """
 
     def connection_factory(host, port):
-        conn = nsslib.NSSConnection(host, port, dbdir=secdir,
+        no_init = secdir == nsslib.current_dbdir
+        conn = nsslib.NSSConnection(host, port, dbdir=secdir, no_init=no_init,
                                     tls_version_min=api.env.tls_version_min,
                                     tls_version_max=api.env.tls_version_max)
         conn.set_debuglevel(0)
author	Fraser Tweedale <ftweedal@redhat.com>	2015-11-23 12:09:32 +1100
committer	Jan Cholasta <jcholast@redhat.com>	2015-11-24 10:12:24 +0100
commit	6fe0a898077a74924b6ccaf6dfbaf2d166175722 (patch)
tree	902904f5e8703ed99bb11c25c9d5ea61e683e092
parent	2ef1eb0ae75270d37dcbb106e431a98eb02f0993 (diff)
download	freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.tar.gz freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.tar.xz freeipa-6fe0a898077a74924b6ccaf6dfbaf2d166175722.zip