Thank
you jack for the review.
Also, thanks to Matt for helping out with the console dependency
issue.
Please see the attached revision that addressed the comments.
It has been tested to work on all three types of clients.
thanks,
Christina
On 07/10/2015 03:59 PM, John Magne wrote:
Functionality looks good,
just a few minor suggestions:
1. This code:
+
+ static final Integer[] clientECCciphers = {
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ };
+ ArrayList<Integer> eccCiphers = new
ArrayList(Arrays.asList(clientECCciphers));
For the ArrayList declaration:
Eclipse is complaining about unsafe conversions, it suggests
something like:
ArrayList<Integer> eccCiphers = new
ArrayList<Integer>(Arrays.asList(clientECCciphers));
Also, I think we can declare this with a more general Collection
such as "List" and leave the ArrayList implementation, since
that appears to be the convention.
Also, due to the final suggestion, we can make List static,
since nothing changes and one would do.
2. I see the similar code to instantiate all this data and
ensure the ciphers are legit is copied around 3 times.
I think we can move this stuff to a common class and have
everyone use it, so if it needs to change it will only change in
one place.
----- Original Message -----
From: "Christina Fu"
<cfu@redhat.com>
To: pki-devel@redhat.com
Sent: Friday, July 10, 2015 11:51:08 AM
Subject: [Pki-devel] [PATCH]
pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
These patches address the following ticket:
https://fedorahosted.org/pki/ticket/1459 Dogtag clients cannot
connect
when CS is configured with ECC
the first patch is just to clean up the tabs in the
constructor of the
file JSSConnection in preparation for code changes :
pki-cfu-0083-ecc-Console-1.-clean-up-the-tabs-in-the-JSSConnectio.patch
The second patch addresses the ECC ssl connection issue from
the
- java console
- cli clients
- HttpClient
They have been tested to work with ECC ca.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel