In external CA installation, ipa-server-install leaked NSS objects which caused an installation crash later when a subsequent call of NSSConnection tried to free them.
Properly freeing the NSS objects avoid this crash. https://fedorahosted.org/freeipa/ticket/3773 -- Martin Kosek <[email protected]> Supervisor, Software Engineering - Identity Management Team Red Hat Inc.
From f5b3e77655cf222da728bcd1c5471510714eec84 Mon Sep 17 00:00:00 2001 From: Martin Kosek <[email protected]> Date: Fri, 26 Jul 2013 10:58:52 +0200 Subject: [PATCH] Free NSS objects in --external-ca scenario In external CA installation, ipa-server-install leaked NSS objects which caused an installation crash later when a subsequent call of NSSConnection tried to free them. Properly freeing the NSS objects avoid this crash. https://fedorahosted.org/freeipa/ticket/3773 --- install/tools/ipa-server-install | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 672369c54ddef0f61893dba31d3acac833dbff36..fafa14ea18195546b160c175d7fd656a066327b5 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -698,18 +698,23 @@ def main(): sys.exit(1) certdict = dict((DN(str(cert.subject)), cert) for cert in extchain) + del extchain certissuer = DN(str(extcert.issuer)) if certissuer not in certdict: print "The external certificate is not signed by the external CA (unknown issuer %s)." % certissuer sys.exit(1) cert = extcert + del extcert while cert.issuer != cert.subject: certissuer = DN(str(cert.issuer)) if certissuer not in certdict: print "The external CA chain is incomplete (%s is missing from the chain)." % certissuer sys.exit(1) + del cert cert = certdict[certissuer] + del certdict + del cert # We only set up the CA if the PKCS#12 options are not given. if options.dirsrv_pkcs12: -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
