Bug 346591 - Port autofs to use NSS library for cryptography
Port autofs to use NSS library for cryptography
Product: Fedora
Classification: Fedora
Component: autofs (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Ian Kent
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks: CryptoConsolidation
  Show dependency treegraph
Reported: 2007-10-23 06:16 EDT by Peter Vrabec
Modified: 2009-08-31 10:51 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-08-31 07:11:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Peter Vrabec 2007-10-23 06:16:44 EDT
autofs should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
Comment 1 Jeff Moyer 2007-11-02 12:43:33 EDT
We will look into this, but this is a long-term project.
Comment 2 Fedora Admin XMLRPC Client 2009-02-24 11:15:39 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Jeff Moyer 2009-08-21 11:31:27 EDT
Ian, sorry I haven't been able to get to this.
Comment 4 Ian Kent 2009-08-31 05:23:15 EDT
(In reply to comment #0)
> autofs should be ported to use NSS library for cryptography.
> See the tracking bug for details and links on how it could be done.  

I'm confused as to what actually needs to be done here?

autofs uses one or two openssl calls purely to prevent SEGVs
caused by the openssl library when unloading and reloading
it's lookup modules that depend on it only indirectly. Other
than this all openssl interaction is done entirely by these
dependent libraries and not by autofs itself.

OTOH, is the NSS library thread safe (I expect it is) and
does it use Thread Specific Data (TSD) keys? We have had
problems with shared libraries that make assumptions about
their status wrt. being unloaded when using TSD keys. The
library libxml2 is definitely broken and libtirpc is open
to question but is probably broken. The Kerberos library is
the only shared library known to survive this library
unloading and reloading when using TSD keys so far. How
about the NSS library and its use of TSD keys?

Comment 5 Tomas Mraz 2009-08-31 07:11:49 EDT
Let's close as NOTABUG then.
Comment 6 Jeff Moyer 2009-08-31 09:46:16 EDT
There was a push in Fedora to get rid of multiple implementations of ssl libraries.  I believe that was the impetus for this bugzilla.  If that is no longer a goal, then I'm fine closing this out.
Comment 7 Ian Kent 2009-08-31 10:51:08 EDT
(In reply to comment #5)
> Let's close as NOTABUG then.  

Yeah, hopefully the link will fail if the libraries of
dependent subsystems change and then I cam remove those
couple of calls I do have.


Note You need to log in before you can comment on or make changes to this bug.