[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch



checked into master:

commit e62b40b9249d0f0b394275da35fa7c2ee99842b5
Author: Christina Fu <cfu redhat com>
Date:   Fri Jul 10 11:41:22 2015 -0700

Ticket 1459 Dogtag clients cannot connect when CS is configured with ECC
      clients are: cli, HttpClient, and java console

commit 8c9e59cfaff9ecda1483c07238ad0b58ea4f5f73
Author: Christina Fu <cfu redhat com>
Date:   Wed Jul 8 17:45:59 2015 -0700

    ecc Console - 1. clean up the tabs in the JSSConnection constructor


thanks,
Christina

On 07/13/2015 06:17 PM, John Magne wrote:
That should do it:

ACK

thanks.

----- Original Message -----
From: "Christina Fu" <cfu redhat com>
To: pki-devel redhat com
Sent: Monday, July 13, 2015 6:14:29 PM
Subject: Re: [Pki-devel] [PATCH]	pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch

This version addressed one missed comment regarding one common function to set ciphers.
thanks,
Christina

On 07/13/2015 05:00 PM, Christina Fu wrote:


Thank you jack for the review.
Also, thanks to Matt for helping out with the console dependency issue.

Please see the attached revision that addressed the comments.
It has been tested to work on all three types of clients.

thanks,
Christina

On 07/10/2015 03:59 PM, John Magne wrote:


Functionality looks good,
just a few minor suggestions:


1. This code:

+
+ static final Integer[] clientECCciphers = {
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ };
+ ArrayList<Integer> eccCiphers = new ArrayList(Arrays.asList(clientECCciphers));



For the ArrayList declaration:

Eclipse is complaining about unsafe conversions, it suggests something like:

ArrayList<Integer> eccCiphers = new ArrayList<Integer>(Arrays.asList(clientECCciphers));

Also, I think we can declare this with a more general Collection such as "List" and leave the ArrayList implementation, since
that appears to be the convention.

Also, due to the final suggestion, we can make List static, since nothing changes and one would do.

2. I see the similar code to instantiate all this data and ensure the ciphers are legit is copied around 3 times.
I think we can move this stuff to a common class and have everyone use it, so if it needs to change it will only change in one place.





----- Original Message -----


From: "Christina Fu" <cfu redhat com>
To: pki-devel redhat com
Sent: Friday, July 10, 2015 11:51:08 AM
Subject: [Pki-devel] [PATCH] pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch

These patches address the following ticket:
https://fedorahosted.org/pki/ticket/1459 Dogtag clients cannot connect
when CS is configured with ECC

the first patch is just to clean up the tabs in the constructor of the
file JSSConnection in preparation for code changes :
pki-cfu-0083-ecc-Console-1.-clean-up-the-tabs-in-the-JSSConnectio.patch

The second patch addresses the ECC ssl connection issue from the
- java console
- cli clients
- HttpClient

They have been tested to work with ECC ca.

thanks,
Christina

_______________________________________________
Pki-devel mailing list
Pki-devel redhat com
https://www.redhat.com/mailman/listinfo/pki-devel



_______________________________________________
Pki-devel mailing list Pki-devel redhat com https://www.redhat.com/mailman/listinfo/pki-devel


_______________________________________________
Pki-devel mailing list
Pki-devel redhat com
https://www.redhat.com/mailman/listinfo/pki-devel


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]