[Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch

Christina Fu cfu at redhat.com
Tue Jul 14 00:00:46 UTC 2015 

Thank you jack for the review.
Also, thanks to Matt for helping out with the console dependency issue.

Please see the attached revision that addressed the comments.
It has been tested to work on all three types of clients.

thanks,
Christina

On 07/10/2015 03:59 PM, John Magne wrote:
> Functionality looks good,
> just a few minor suggestions:
>
>
> 1. This code:
>
> +
> +    static final Integer[] clientECCciphers = {
> +        SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> +        SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> +        SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> +        SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> +        SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> +        SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> +        SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> +    };
> +    ArrayList<Integer> eccCiphers = new ArrayList(Arrays.asList(clientECCciphers));
>
>
>
> For the ArrayList declaration:
>
> Eclipse is complaining about unsafe conversions, it suggests something like:
>
> ArrayList<Integer> eccCiphers = new ArrayList<Integer>(Arrays.asList(clientECCciphers));
>
> Also, I think we can declare this with a more general Collection such as "List" and leave the ArrayList implementation, since
> that appears to be the convention.
>
> Also, due to the final suggestion, we can make  List static, since nothing changes and one would do.
>
> 2. I see the similar code to instantiate all this data and ensure the ciphers are legit is copied around 3 times.
> I think we can move this stuff to a common class and have everyone use it, so if it needs to change it will only change in one place.
>
>
>
>
>
> ----- Original Message -----
>> From: "Christina Fu" <cfu at redhat.com>
>> To: pki-devel at redhat.com
>> Sent: Friday, July 10, 2015 11:51:08 AM
>> Subject: [Pki-devel] [PATCH]	pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
>>
>> These patches address the following ticket:
>> https://fedorahosted.org/pki/ticket/1459 Dogtag clients cannot connect
>> when CS is configured with ECC
>>
>> the first patch is just to clean up the tabs in the constructor of the
>> file JSSConnection in preparation for code changes :
>> pki-cfu-0083-ecc-Console-1.-clean-up-the-tabs-in-the-JSSConnectio.patch
>>
>> The second patch addresses the ECC ssl connection issue from the
>> - java console
>> - cli clients
>> - HttpClient
>>
>> They have been tested to work with ECC ca.
>>
>> thanks,
>> Christina
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cfu-0085-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
Type: text/x-patch
Size: 12884 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150713/eaf4d562/attachment.bin>

More information about the Pki-devel mailing list