Murtadha Hubail has posted comments on this change. Change subject: [ASTERIXDB-2490][NET] Support Encrypted IPC Connections ......................................................................
Patch Set 5: (11 comments) https://asterix-gerrit.ics.uci.edu/#/c/3052/4/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java File hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java: PS4, Line 44: */ > should this be a File? Should we name this *File instead of *Path as well? Done PS4, Line 58: */ > should this be a File? Should we name this *File instead of *Path as well? In our case it should be a file. In certain key formats it will be the same file as the key store file. https://asterix-gerrit.ics.uci.edu/#/c/3052/4/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/CCConfig.java File hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/CCConfig.java: PS4, Line 78: STRING > should we add a FILE type? Might be a good idea, but let's do that in a different change. PS4, Line 79: STRING > should we add a FILE type? Might be a good idea, but let's do that in a different change. PS4, Line 195: A fully-qualified path to a k > does this mean fully-qualified java key store file name? Yes, but not necessarily in java's format. is it better now? PS4, Line 197: A fully-qualified path to a tru > does this mean fully-qualified java trust store file name? Yes, but not necessarily in java's format. is it better now? https://asterix-gerrit.ics.uci.edu/#/c/3052/4/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java File hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java: PS4, Line 90: STRING > should we add a FILE type? Might be a good idea, but let's do that in a different change. PS4, Line 91: STRING > should we add a FILE type? Might be a good idea, but let's do that in a different change. PS4, Line 216: A fully-qualified path to > does this mean fully-qualified java key store file name? Yes, but not necessarily in java's format. is it better now? PS4, Line 218: A fully-qualified path to a tru > does this mean fully-qualified trust key store file name? Yes, but not necessarily in java's format. is it better now? https://asterix-gerrit.ics.uci.edu/#/c/3052/4/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/sockets/SslHandshake.java File hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/sockets/SslHandshake.java: PS4, Line 50: reduce possibility of overflow > what happens on overflow? (there is a window) The buffer is enlarged by doubling its size if needed (see line 143), but I don't think it should happen with this size using the current version of the TLS protocol. Even examples in Oracle's website are increasing the buffer size by this much and I noticed the default size with TLS1.2 is always doubling the buffer size once. -- To view, visit https://asterix-gerrit.ics.uci.edu/3052 To unsubscribe, visit https://asterix-gerrit.ics.uci.edu/settings Gerrit-MessageType: comment Gerrit-Change-Id: I7007a9be25287a94c5936d440355cfedb8e032b9 Gerrit-PatchSet: 5 Gerrit-Project: asterixdb Gerrit-Branch: master Gerrit-Owner: Murtadha Hubail <[email protected]> Gerrit-Reviewer: Anon. E. Moose #1000171 Gerrit-Reviewer: Jenkins <[email protected]> Gerrit-Reviewer: Michael Blow <[email protected]> Gerrit-Reviewer: Murtadha Hubail <[email protected]> Gerrit-HasComments: Yes
