Do not erroneously reinit NSS in Dogtag interface

The Dogtag interface always attempts to (re)init NSS, which can fail
with SEC_ERROR_BUSY.  Do not reinitialise NSS when it has already
been initialised with the given dbdir.

Part of: https://fedorahosted.org/freeipa/ticket/5459

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Fraser Tweedale 2015-11-23 12:09:32 +11:00 committed by Jan Cholasta
parent 2ef1eb0ae7
commit 6fe0a89807

View File

@ -265,7 +265,8 @@ def https_request(host, port, url, secdir, password, nickname,
"""
def connection_factory(host, port):
conn = nsslib.NSSConnection(host, port, dbdir=secdir,
no_init = secdir == nsslib.current_dbdir
conn = nsslib.NSSConnection(host, port, dbdir=secdir, no_init=no_init,
tls_version_min=api.env.tls_version_min,
tls_version_max=api.env.tls_version_max)
conn.set_debuglevel(0)