[Freeipa-devel] [PATCH] 488 use the python-nss CertificateRequest object
Rob Crittenden
rcritten at redhat.com
Tue Jul 20 18:12:02 UTC 2010
This drops our own PKCS#10 parser and uses the one from python-nss. I
had to bump up the minimum required version of python-nss to pick up
some new API for this.
This introduces some new challenges for us. NSS needs to be initialized
for you to do any sort of operations otherwise you get ugly segfaults.
So I added in some catch-all no_db inits to try to prevent this. I also
had to add in some code when making SSL requests so that the right
database is opened. AFAIK NSS still lacks the ability to operate on
multiple databases concurrently. Once that is available this code
becomes lots better.
Despite this, using the NSS parser is still safer. My PKCS#10 parser
seemed ok but getting the extension requests out was a nightmare. It is
much easier with python-nss.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-488-csr.patch
Type: application/mbox
Size: 38319 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100720/7fd11554/attachment.mbox>
More information about the Freeipa-devel
mailing list