If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There is no way to query for the callback
in an existing socket.
https://fedorahosted.org/freeipa/ticket/1349
rob
>From fce79bfe8db1e4b45cb688ebb257bdea333786ca Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 29 Jun 2011 15:01:18 -0400
Subject: [PATCH] Set the client auth callback after creating the SSL connection.
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There is no way to query for the callback
in an existing socket.
https://fedorahosted.org/freeipa/ticket/1349
---
ipapython/dogtag.py | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 582971734e25e9e4ceac8cc4168d955f45e65a15..969535e4b95d3fc7f7f5202000bb29deef558e32 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -80,11 +80,11 @@ def https_request(host, port, url, secdir, password, nickname, **kw):
"Accept": "text/plain"}
try:
conn = nsslib.NSSConnection(host, port, dbdir=secdir)
+ conn.set_debuglevel(0)
+ conn.connect()
conn.sock.set_client_auth_data_callback(nsslib.client_auth_data_callback,
nickname,
password, nss.get_default_certdb())
- conn.set_debuglevel(0)
- conn.connect()
conn.request("POST", url, post, request_headers)
res = conn.getresponse()
--
1.7.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel