[Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.
John Dennis
jdennis at redhat.com
Wed Jun 29 20:08:28 UTC 2011
On 06/29/2011 03:08 PM, Rob Crittenden wrote:
> If we set the callback before calling connect() then if the connection
> tries a network family type and fails, it will try other family types.
> If this happens then the callback set on the first socket will be lost
> when a new socket is created. There is no way to query for the callback
> in an existing socket.
I'm tempted to NAK this. In part because I don't really understand why
it works, but more because nsslib.py doesn't seem to be handling
addresses, sockets and connections correctly. At first glance it appears
to only create a new socket when switching families. I also don't
understand the logic behind the family code.
But most importantly it seems to shutdown NSS every time you make a
connection. What happens when you want more than one simultaneous
connection?
Maybe we need to open a ticket to review nsslib.py.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list