[Freeipa-devel] [PATCH] 488 use the python-nss CertificateRequest object

Rob Crittenden rcritten at redhat.com
Thu Jul 29 14:51:25 UTC 2010


Adam Young wrote:
> On 07/20/2010 02:12 PM, Rob Crittenden wrote:
>> This drops our own PKCS#10 parser and uses the one from python-nss. I 
>> had to bump up the minimum required version of python-nss to pick up 
>> some new API for this.
>>
>> This introduces some new challenges for us. NSS needs to be 
>> initialized for you to do any sort of operations, otherwise you get 
>> ugly segfaults. So I added in some catch-all no_db inits to try to 
>> prevent this. I also had to add in some code when making SSL requests 
>> so that the right database is opened. AFAIK NSS still lacks the 
>> ability to operate on multiple databases concurrently. Once that is 
>> available this code becomes lots better.
>>
>> Despite this, using the NSS parser is still safer. My PKCS#10 parser 
>> seemed ok but getting the extension requests out was a nightmare. It 
>> is much easier with python-nss.
>>
>> rob
>>
> ACK

Pushed to master



