[Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch

Christina Fu cfu at redhat.com
Tue Jul 14 15:45:21 UTC 2015


checked into master:

commit e62b40b9249d0f0b394275da35fa7c2ee99842b5
Author: Christina Fu <cfu at redhat.com>
Date:   Fri Jul 10 11:41:22 2015 -0700

     Ticket 1459 Dogtag clients cannot connect when CS is configured with ECC
       clients are: cli, HttpClient, and java console

commit 8c9e59cfaff9ecda1483c07238ad0b58ea4f5f73
Author: Christina Fu <cfu at redhat.com>
Date:   Wed Jul 8 17:45:59 2015 -0700

     ecc Console - 1. clean up the tabs in the JSSConnection constructor


thanks,
Christina

On 07/13/2015 06:17 PM, John Magne wrote:
> That should do it:
>
> ACK
>
> thanks.
>
> ----- Original Message -----
> From: "Christina Fu" <cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Monday, July 13, 2015 6:14:29 PM
> Subject: Re: [Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
>
> This version addressed one missed comment regarding one common function to set ciphers.
> thanks,
> Christina
>
> On 07/13/2015 05:00 PM, Christina Fu wrote:
>
>
> Thank you Jack for the review.
> Also, thanks to Matt for helping out with the console dependency issue.
>
> Please see the attached revision that addressed the comments.
> It has been tested to work on all three types of clients.
>
> thanks,
> Christina
>
> On 07/10/2015 03:59 PM, John Magne wrote:
>
>
> Functionality looks good,
> just a few minor suggestions:
>
>
> 1. This code:
>
> +
> + static final Integer[] clientECCciphers = {
> + SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> + SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> + SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> + };
> + ArrayList<Integer> eccCiphers = new ArrayList(Arrays.asList(clientECCciphers));
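Review bot: the first two entries of clientECCciphers, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA and TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, are static-ECDH suites that provide no forward secrecy, and six of the seven entries are CBC suites, with TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 the only AEAD suite. Consider dropping the static-ECDH pair unless an ECC-configured server in scope requires them, and add a comment on the array recording why each group is enabled. On the last line, new ArrayList(Arrays.asList(clientECCciphers)) is a raw-type construction; the eccCiphers field is also a mutable per-instance copy of a static final array, so it can be made static final and wrapped as an unmodifiable List<Integer> so that no caller can alter the enabled set.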
>
>
>
> For the ArrayList declaration:
>
> Eclipse is complaining about unsafe conversions, it suggests something like:
>
> ArrayList<Integer> eccCiphers = new ArrayList<Integer>(Arrays.asList(clientECCciphers));
>
> Also, I think we can declare this with a more general Collection such as "List" and leave the ArrayList implementation, since
> that appears to be the convention.
>
> Also, due to the final suggestion, we can make List static, since nothing changes and one would do.
>
> 2. I see the similar code to instantiate all this data and ensure the ciphers are legit is copied around 3 times.
> I think we can move this stuff to a common class and have everyone use it, so if it needs to change it will only change in one place.
>
>
>
>
>
> ----- Original Message -----
>
>
> From: "Christina Fu" <cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Friday, July 10, 2015 11:51:08 AM
> Subject: [Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
>
> These patches address the following ticket:
> https://fedorahosted.org/pki/ticket/1459 Dogtag clients cannot connect
> when CS is configured with ECC
>
> The first patch is just to clean up the tabs in the constructor of the
> file JSSConnection in preparation for code changes:
> pki-cfu-0083-ecc-Console-1.-clean-up-the-tabs-in-the-JSSConnectio.patch
>
> The second patch addresses the ECC ssl connection issue from the
> - java console
> - cli clients
> - HttpClient
>
> They have been tested to work with ECC CA.
>
> thanks,
> Christina
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
