certmonger

#246 Switch to CA user when saving NSS certificates
Merged by rcritten. Opened by rcritten.
rcritten/certmonger hsm  into  master

A new parameter was added, nss-user, which indicates
the user to become via setuid/setgid when saving
certificates in NSS. This is necessary when using
SoftHSM as a PKCS#11 device to keep the filesystem
permissions correct.

Also tweak cleaning up duplicate certificates. certmonger
makes an effort to remove any duplicates, those with
duplicated nicknames with different certs, etc.

It didn't handle those with tokens though in NSS. A
certificate in a token will have a mirrored entry in the
database to store trust information. This was being
seen as a "duplicate" and certmogner was removing it, thus
removing the trust.

Fixes: https://pagure.io/certmonger/issue/243

Signed-off-by: Rob Crittenden rcritten@redhat.com

rebased onto c55517b7c125b04fdea41d9662404fcfa5a935a4

rebased onto 4d93774397040b55b001378cff347a6e20b7c407

rebased onto 7c754902e9b3c5cfeca35e77c86f6c172b3dc56b

Pull-Request has been merged by rcritten
Metadata
None
No Tags
Changes Summary 8
+87 -9
file changed
src/certsave-n.c
+59 -8
file changed
src/getcert.c
+14 -0
file changed
src/store-files.c
+1 -0
file changed
src/store-int.h
+1 -0
file changed
src/tdbus.h
+29 -1
file changed
src/tdbush.c
+1 -0
file changed
tests/028-dbus/expected.out
+1 -0
file changed
tests/028-dbus/expected.out.nodsa
Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.
Red Hat Logo

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

© Red Hat, Inc. and others.