[Freeipa-devel] [freeipa PR#367][opened] Remove nsslib from IPA

stlaz freeipa-github-notification at redhat.com
Wed Jan 4 08:53:32 UTC 2017


   URL: https://github.com/freeipa/freeipa/pull/367
Author: stlaz
 Title: #367: Remove nsslib from IPA
Action: opened

PR body:
"""
This batch of patches removes NSSConnection along with the whole ipapython.nsslib from IPA and replaces it with the more standard httplib.HTTPSConnection.

NSSConnection was causing a lot of trouble in the past because it is apparently very fragile when it comes to NSS library initialization. On top of that, when NSSConnection is used to set up an HTTPS connection in FIPS, it always requires a password to the NSS database, as NSS apparently tries to create a temporary private key and store it in the database even though client authentication is not required in the SSL connection.

TODO (will require changes in certmonger/dogatg.c):
- [ ] we may probably remove ipaCert from /etc/httpd/alias and stop tracking it with certmonger
- [ ] once ^- is done, track /var/lib/ipa/ra-agent.pem in certmonger instead

https://fedorahosted.org/freeipa/ticket/5695
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/367/head:pr367
git checkout pr367
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-367.patch
Type: text/x-diff
Size: 50848 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170104/2e0932d7/attachment.bin>

