Bug 346591

Summary: Port autofs to use NSS library for cryptography
Product: [Fedora] Fedora Reporter: Peter Vrabec <pvrabec>
Component: autofsAssignee: Ian Kent <ikent>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: ikent, jmoyer, tmraz
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-31 11:11:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 333741    

Description Peter Vrabec 2007-10-23 10:16:44 UTC 
autofs should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
Comment 1 Jeff Moyer 2007-11-02 16:43:33 UTC 
We will look into this, but this is a long-term project.
Comment 2 Fedora Admin XMLRPC Client 2009-02-24 16:15:39 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Jeff Moyer 2009-08-21 15:31:27 UTC 
Ian, sorry I haven't been able to get to this.
Comment 4 Ian Kent 2009-08-31 09:23:15 UTC 
(In reply to comment #0)
> autofs should be ported to use NSS library for cryptography.
> See the tracking bug for details and links on how it could be done.  

I'm confused as to what actually needs to be done here?

autofs uses one or two openssl calls purely to prevent SEGVs
caused by the openssl library when unloading and reloading
it's lookup modules that depend on it only indirectly. Other
than this all openssl interaction is done entirely by these
dependent libraries and not by autofs itself.

OTOH, is the NSS library thread safe (I expect it is) and
does it use Thread Specific Data (TSD) keys? We have had
problems with shared libraries that make assumptions about
their status wrt. being unloaded when using TSD keys. The
library libxml2 is definitely broken and libtirpc is open
to question but is probably broken. The Kerberos library is
the only shared library known to survive this library
unloading and reloading when using TSD keys so far. How
about the NSS library and its use of TSD keys?

Ian
Comment 5 Tomas Mraz 2009-08-31 11:11:49 UTC 
Let's close as NOTABUG then.
Comment 6 Jeff Moyer 2009-08-31 13:46:16 UTC 
There was a push in Fedora to get rid of multiple implementations of ssl libraries.  I believe that was the impetus for this bugzilla.  If that is no longer a goal, then I'm fine closing this out.
Comment 7 Ian Kent 2009-08-31 14:51:08 UTC 
(In reply to comment #5)
> Let's close as NOTABUG then.  

Yeah, hopefully the link will fail if the libraries of
dependent subsystems change and then I cam remove those
couple of calls I do have.

Ian