sureshanaparti commented on a change in pull request #4852:
URL: https://github.com/apache/cloudstack/pull/4852#discussion_r599536678
##########
File path:
plugins/ca/root-ca/src/main/java/org/apache/cloudstack/ca/provider/RootCAProvider.java
##########
@@ -263,16 +263,20 @@ public SSLEngine createSSLEngine(final SSLContext
sslContext, final String remot
kmf.init(ks, getKeyStorePassphrase());
tmf.init(ks);
- final boolean authStrictness = rootCAAuthStrictness.value();
final boolean allowExpiredCertificate = rootCAAllowExpiredCert.value();
- TrustManager[] tms = new TrustManager[]{new
RootCACustomTrustManager(remoteAddress, authStrictness,
allowExpiredCertificate, certMap, caCertificate, crlDao)};
+ TrustManager[] tms = new
TrustManager[]{createRootCACustomTrustManager(remoteAddress,
allowExpiredCertificate, certMap, caCertificate, crlDao)};
+
sslContext.init(kmf.getKeyManagers(), tms, new SecureRandom());
final SSLEngine sslEngine = sslContext.createSSLEngine();
- sslEngine.setNeedClientAuth(authStrictness);
+ sslEngine.setNeedClientAuth(rootCAAuthStrictness.value());
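Review bot: `sslEngine.setNeedClientAuth(rootCAAuthStrictness.value())` reads the strictness setting a second time instead of reusing one snapshot, and `createRootCACustomTrustManager(remoteAddress, allowExpiredCertificate, certMap, caCertificate, crlDao)` no longer receives the value as an argument, so the trust manager has to obtain it on its own. If the setting changes between the two reads, the same engine can end up with a trust manager built for one strictness mode and a client-auth requirement set for the other. Suggest keeping `final boolean authStrictness = rootCAAuthStrictness.value();` as a local, passing it into the factory method, and using the same local in `setNeedClientAuth(authStrictness)`, so the certificate validation and the client-auth requirement are always decided from a single read.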
Review comment:
@Slair1 Any particular reason to use `rootCAAuthStrictness.value()` here
and while creating RootCACustomTrustManager? There is some chance that the
value here can be different from the one in the RootCACustomTrustManager object
created, as the config "ca.plugin.root.auth.strictness" is a dynamic setting.
So, it may be better to use it in the earlier way (keeping it in a variable and
using that) for the config value to be consistent.