|
 |
2e9388 |
From b5aec7bdc5a164133b247925c41d1d41e29a63e5 Mon Sep 17 00:00:00 2001
|
|
|
2e9388 |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
2e9388 |
Date: Mon, 23 Nov 2015 12:09:32 +1100
|
|
|
2e9388 |
Subject: [PATCH] Do not erroneously reinit NSS in Dogtag interface
|
|
|
2e9388 |
|
|
|
2e9388 |
The Dogtag interface always attempts to (re)init NSS, which can fail
|
|
|
2e9388 |
with SEC_ERROR_BUSY. Do not reinitialise NSS when it has already
|
|
|
2e9388 |
been initialised with the given dbdir.
|
|
|
2e9388 |
|
|
|
2e9388 |
Part of: https://fedorahosted.org/freeipa/ticket/5459
|
|
|
2e9388 |
|
|
|
2e9388 |
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
2e9388 |
---
|
|
|
2e9388 |
ipapython/dogtag.py | 3 ++-
|
|
|
2e9388 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
2e9388 |
|
|
|
2e9388 |
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
|
|
|
2e9388 |
index 26b2de6ca77202fa9ccc61ee16ed7623e10ecb5f..8996902ba92f0fdd6106e2650c2decde375c593b 100644
|
|
|
2e9388 |
--- a/ipapython/dogtag.py
|
|
|
2e9388 |
+++ b/ipapython/dogtag.py
|
|
|
2e9388 |
@@ -255,7 +255,8 @@ def https_request(host, port, url, secdir, password, nickname,
|
|
|
2e9388 |
"""
|
|
|
2e9388 |
|
|
|
2e9388 |
def connection_factory(host, port):
|
|
|
2e9388 |
- conn = nsslib.NSSConnection(host, port, dbdir=secdir,
|
|
|
2e9388 |
+ no_init = secdir == nsslib.current_dbdir
|
|
|
2e9388 |
+ conn = nsslib.NSSConnection(host, port, dbdir=secdir, no_init=no_init,
|
|
|
2e9388 |
tls_version_min=api.env.tls_version_min,
|
|
|
2e9388 |
tls_version_max=api.env.tls_version_max)
|
|
|
2e9388 |
conn.set_debuglevel(0)
|
|
|
2e9388 |
--
|
|
|
2e9388 |
2.4.3
|
|
|
2e9388 |
|