rcritten / certmonger

Forked from certmonger 6 years ago
Clone

5e77bf1 certread-n: Look up certs using PK11_FindCertFromNickname()

Authored and Committed by rcritten 3 years ago
    certread-n: Look up certs using PK11_FindCertFromNickname()
    
    Don't loop through all the tokens looking for a given nickname, look
    it up directly. If a nickname does not contain a token then NSS
    treats it as the internal token. Otherwise it uses the token name
    to retrieve the slot and looks for certificates in that slot.
    
    Looping through the certificates in each slot using
    PK11_ListCertsInSlot() was sometimes taking as many as 14 seconds
    for no apparent reason. This slowdown is not seen when using
    PK11_FindCertFromNickname().
    
    This 14 second delay was causing client DBus timeouts which was
    causing IPA server installation failures when running start-tracking
    on the CA subsystem certificates.
    
    Related IPA issue https://pagure.io/freeipa/issue/8533
    
        
file modified
+88 -147