Bug 346591 - Port autofs to use NSS library for cryptography
Summary: Port autofs to use NSS library for cryptography
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: autofs
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Ian Kent
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CryptoConsolidation
TreeView+ depends on / blocked
 
Reported: 2007-10-23 10:16 UTC by Peter Vrabec
Modified: 2009-08-31 14:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-31 11:11:49 UTC


Attachments (Terms of Use)

Description Peter Vrabec 2007-10-23 10:16:44 UTC
autofs should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.

Comment 1 Jeff Moyer 2007-11-02 16:43:33 UTC
We will look into this, but this is a long-term project.

Comment 2 Fedora Admin XMLRPC Client 2009-02-24 16:15:39 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Jeff Moyer 2009-08-21 15:31:27 UTC
Ian, sorry I haven't been able to get to this.

Comment 4 Ian Kent 2009-08-31 09:23:15 UTC
(In reply to comment #0)
> autofs should be ported to use NSS library for cryptography.
> See the tracking bug for details and links on how it could be done.  

I'm confused as to what actually needs to be done here?

autofs uses one or two openssl calls purely to prevent SEGVs
caused by the openssl library when unloading and reloading
it's lookup modules that depend on it only indirectly. Other
than this all openssl interaction is done entirely by these
dependent libraries and not by autofs itself.

OTOH, is the NSS library thread safe (I expect it is) and
does it use Thread Specific Data (TSD) keys? We have had
problems with shared libraries that make assumptions about
their status wrt. being unloaded when using TSD keys. The
library libxml2 is definitely broken and libtirpc is open
to question but is probably broken. The Kerberos library is
the only shared library known to survive this library
unloading and reloading when using TSD keys so far. How
about the NSS library and its use of TSD keys?

Ian

Comment 5 Tomas Mraz 2009-08-31 11:11:49 UTC
Let's close as NOTABUG then.

Comment 6 Jeff Moyer 2009-08-31 13:46:16 UTC
There was a push in Fedora to get rid of multiple implementations of ssl libraries.  I believe that was the impetus for this bugzilla.  If that is no longer a goal, then I'm fine closing this out.

Comment 7 Ian Kent 2009-08-31 14:51:08 UTC
(In reply to comment #5)
> Let's close as NOTABUG then.  

Yeah, hopefully the link will fail if the libraries of
dependent subsystems change and then I cam remove those
couple of calls I do have.

Ian


Note You need to log in before you can comment on or make changes to this bug.