Red Hat Bugzilla – Bug 346591
Port autofs to use NSS library for cryptography
Last modified: 2009-08-31 10:51:08 EDT
autofs should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
We will look into this, but this is a long-term project.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Ian, sorry I haven't been able to get to this.
(In reply to comment #0)
> autofs should be ported to use NSS library for cryptography.
> See the tracking bug for details and links on how it could be done.
I'm confused as to what actually needs to be done here?
autofs uses one or two openssl calls purely to prevent SEGVs
caused by the openssl library when unloading and reloading
it's lookup modules that depend on it only indirectly. Other
than this all openssl interaction is done entirely by these
dependent libraries and not by autofs itself.
OTOH, is the NSS library thread safe (I expect it is) and
does it use Thread Specific Data (TSD) keys? We have had
problems with shared libraries that make assumptions about
their status wrt. being unloaded when using TSD keys. The
library libxml2 is definitely broken and libtirpc is open
to question but is probably broken. The Kerberos library is
the only shared library known to survive this library
unloading and reloading when using TSD keys so far. How
about the NSS library and its use of TSD keys?
Let's close as NOTABUG then.
There was a push in Fedora to get rid of multiple implementations of ssl libraries. I believe that was the impetus for this bugzilla. If that is no longer a goal, then I'm fine closing this out.
(In reply to comment #5)
> Let's close as NOTABUG then.
Yeah, hopefully the link will fail if the libraries of
dependent subsystems change and then I cam remove those
couple of calls I do have.