From 6fe0a898077a74924b6ccaf6dfbaf2d166175722 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Mon, 23 Nov 2015 12:09:32 +1100
Subject: Do not erroneously reinit NSS in Dogtag interface

The Dogtag interface always attempts to (re)init NSS, which can fail
with SEC_ERROR_BUSY.  Do not reinitialise NSS when it has already
been initialised with the given dbdir.

Part of: https://fedorahosted.org/freeipa/ticket/5459

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipapython/dogtag.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ipapython')

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 71de96dc6..0436d5f46 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -265,7 +265,8 @@ def https_request(host, port, url, secdir, password, nickname,
     """
 
     def connection_factory(host, port):
-        conn = nsslib.NSSConnection(host, port, dbdir=secdir,
+        no_init = secdir == nsslib.current_dbdir
+        conn = nsslib.NSSConnection(host, port, dbdir=secdir, no_init=no_init,
                                     tls_version_min=api.env.tls_version_min,
                                     tls_version_max=api.env.tls_version_max)
         conn.set_debuglevel(0)
-- 
cgit