7c75490 Switch to CA user when saving NSS certificates

Authored and Committed by rcritten a year ago
    Switch to CA user when saving NSS certificates
    
    A new parameter was added, nss-user, which indicates
    the user to become via setuid/setgid when saving
    certificates in NSS. This is necessary when using
    SoftHSM as a PKCS#11 device to keep the filesystem
    permissions correct.
    
    Also tweak cleaning up duplicate certificates. certmonger
    makes an effort to remove any duplicates, those with
    duplicated nicknames with different certs, etc.
    
    It didn't handle those with tokens though in NSS. A
    certificate in a token will have a mirrored entry in the
    database to store trust information. This was being
    seen as a "duplicate" and certmogner was removing it, thus
    removing the trust.
    
    Fixes: https://pagure.io/certmonger/issue/243
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+87 -9
file modified
+59 -8
file modified
+14 -0
file modified
+1 -0
file modified
+1 -0
file modified
+29 -1
file modified
+1 -0