[Freeipa-devel] [PATCH] 488 use the python-nss CertificateRequest object
Rich Megginson
rmeggins at redhat.com
Tue Jul 20 18:21:41 UTC 2010
Rob Crittenden wrote:
> This drops our own PKCS#10 parser and uses the one from python-nss. I
> had to bump up the minimum required version of python-nss to pick up
> some new API for this.
>
> This introduces some new challenges for us. NSS needs to be
> initialized for you to do any sort of operations otherwise you get
> ugly segfaults. So I added in some catch-all no_db inits to try to
> prevent this. I also had to add in some code when making SSL requests
> so that the right database is opened. AFAIK NSS still lacks the
> ability to operate on multiple databases concurrently. Once that is
> available this code becomes lots better.
>
> Despite this, using the NSS parser is still safer. My PKCS#10 parser
> seemed ok but getting the extension requests out was a nightmare. It
> is much easier with python-nss.
Does python-nss expose the NSS_InitContext api?
>
> rob
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
More information about the Freeipa-devel
mailing list