[Freeipa-devel] [PATCH] 488 use the python-nss CertificateRequest object

Rob Crittenden rcritten at redhat.com
Tue Jul 20 18:12:02 UTC 2010


This drops our own PKCS#10 parser and uses the one from python-nss. I 
had to bump up the minimum required version of python-nss to pick up 
some new API for this.

This introduces some new challenges for us. NSS needs to be initialized 
for you to do any sort of operations, otherwise you get ugly segfaults. 
So I added in some catch-all no_db inits to try to prevent this. I also 
had to add in some code when making SSL requests so that the right 
database is opened. AFAIK NSS still lacks the ability to operate on 
multiple databases concurrently. Once that is available this code 
becomes lots better.

Despite this, using the NSS parser is still safer. My PKCS#10 parser 
seemed ok but getting the extension requests out was a nightmare. It is 
much easier with python-nss.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-488-csr.patch
Type: application/mbox
Size: 38319 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100720/7fd11554/attachment.mbox>

