[Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
Christina Fu
cfu at redhat.com
Tue Jul 14 01:14:29 UTC 2015
This version addressed one missed comment regarding one common function
to set ciphers.
thanks,
Christina
On 07/13/2015 05:00 PM, Christina Fu wrote:
> Thank you jack for the review.
> Also, thanks to Matt for helping out with the console dependency issue.
>
> Please see the attached revision that addressed the comments.
> It has been tested to work on all three types of clients.
>
> thanks,
> Christina
>
> On 07/10/2015 03:59 PM, John Magne wrote:
>> Functionality looks good,
>> just a few minor suggestions:
>>
>>
>> 1. This code:
>>
>> +
>> + static final Integer[] clientECCciphers = {
>> + SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> + SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> + SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> + SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>> + };
>> + ArrayList<Integer> eccCiphers = new
>> ArrayList(Arrays.asList(clientECCciphers));
>>
>>
>>
>> For the ArrayList declaration:
>>
>> Eclipse is complaining about unsafe conversions, it suggests
>> something like:
>>
>> ArrayList<Integer> eccCiphers = new
>> ArrayList<Integer>(Arrays.asList(clientECCciphers));
>>
>> Also, I think we can declare this with a more general Collection such
>> as "List" and leave the ArrayList implementation, since
>> that appears to be the convention.
>>
>> Also, due to the final suggestion, we can make List static, since
>> nothing changes and one would do.
>>
>> 2. I see the similar code to instantiate all this data and ensure the
>> ciphers are legit is copied around 3 times.
>> I think we can move this stuff to a common class and have everyone
>> use it, so if it needs to change it will only change in one place.
>>
>>
>>
>>
>>
>> ----- Original Message -----
>>> From: "Christina Fu" <cfu at redhat.com>
>>> To: pki-devel at redhat.com
>>> Sent: Friday, July 10, 2015 11:51:08 AM
>>> Subject: [Pki-devel] [PATCH]
>>> pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
>>>
>>> These patches address the following ticket:
>>> https://fedorahosted.org/pki/ticket/1459 Dogtag clients cannot connect
>>> when CS is configured with ECC
>>>
>>> the first patch is just to clean up the tabs in the constructor of the
>>> file JSSConnection in preparation for code changes :
>>> pki-cfu-0083-ecc-Console-1.-clean-up-the-tabs-in-the-JSSConnectio.patch
>>>
>>> The second patch addresses the ECC ssl connection issue from the
>>> - java console
>>> - cli clients
>>> - HttpClient
>>>
>>> They have been tested to work with ECC ca.
>>>
>>> thanks,
>>> Christina
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150713/0d952da7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cfu-0087-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
Type: text/x-patch
Size: 10022 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150713/0d952da7/attachment.bin>
More information about the Pki-devel
mailing list