Slair1 commented on a change in pull request #4852:
URL: https://github.com/apache/cloudstack/pull/4852#discussion_r600524166
##########
File path:
plugins/ca/root-ca/src/main/java/org/apache/cloudstack/ca/provider/RootCAProvider.java
##########
@@ -263,16 +263,20 @@ public SSLEngine createSSLEngine(final SSLContext
sslContext, final String remot
kmf.init(ks, getKeyStorePassphrase());
tmf.init(ks);
- final boolean authStrictness = rootCAAuthStrictness.value();
final boolean allowExpiredCertificate = rootCAAllowExpiredCert.value();
- TrustManager[] tms = new TrustManager[]{new
RootCACustomTrustManager(remoteAddress, authStrictness,
allowExpiredCertificate, certMap, caCertificate, crlDao)};
+ TrustManager[] tms = new
TrustManager[]{createRootCACustomTrustManager(remoteAddress,
allowExpiredCertificate, certMap, caCertificate, crlDao)};
+
sslContext.init(kmf.getKeyManagers(), tms, new SecureRandom());
final SSLEngine sslEngine = sslContext.createSSLEngine();
- sslEngine.setNeedClientAuth(authStrictness);
+ sslEngine.setNeedClientAuth(rootCAAuthStrictness.value());
Review comment:
@sureshanaparti Yea, we can switch back to using the variable, thanks.
Only switched away from it since it was the only reference to that variable.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
