This introduces some new challenges for us. NSS needs to be initialized for you to do any sort of operations otherwise you get ugly segfaults. So I added in some catch-all no_db inits to try to prevent this. I also had to add in some code when making SSL requests so that the right database is opened. AFAIK NSS still lacks the ability to operate on multiple databases concurrently. Once that is available this code becomes lots better.
Despite this, using the NSS parser is still safer. My PKCS#10 parser seemed ok but getting the extension requests out was a nightmare. It is much easier with python-nss.
_______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel