Rob Crittenden wrote:
This drops our own PKCS#10 parser and uses the one from python-nss. I
had to bump up the minimum required version of python-nss to pick up
some new API for this.
This introduces some new challenges for us. NSS needs to be
initialized for you to do any sort of operations otherwise you get
ugly segfaults. So I added in some catch-all no_db inits to try to
prevent this. I also had to add in some code when making SSL requests
so that the right database is opened. AFAIK NSS still lacks the
ability to operate on multiple databases concurrently. Once that is
available this code becomes lots better.
Despite this, using the NSS parser is still safer. My PKCS#10 parser
seemed ok but getting the extension requests out was a nightmare. It
is much easier with python-nss.
Does python-nss expose the NSS_InitContext api?
rob
------------------------------------------------------------------------
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel