The PKI CLI has been modified to use hard-coded default values
in case the pki.conf is not available (e.g. in Eclipse).
ACKed by alee. Pushed to master.
--
Endi S. Dewata
>From cf611311181c3006009a3ae0ad19a39244028bd2 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Mon, 20 Mar 2017 17:03:45 +0100
Subject: [PATCH] Added hard-coded default values for SSL parameters in PKI
CLI.
The PKI CLI has been modified to use hard-coded default values
in case the pki.conf is not available (e.g. in Eclipse).
---
base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 83090a108a15997039fe217aa0a0296a54f59cf9..d64a235add35514e50114392de13d542a6e67e07 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -525,20 +525,20 @@ public class MainCLI extends CLI {
String streamVersionMax = System.getenv("SSL_STREAM_VERSION_MAX");
CryptoUtil.setSSLStreamVersionRange(
- SSLVersion.valueOf(streamVersionMin),
- SSLVersion.valueOf(streamVersionMax)
+ streamVersionMin == null ? SSLVersion.TLS_1_0 : SSLVersion.valueOf(streamVersionMin),
+ streamVersionMax == null ? SSLVersion.TLS_1_2 : SSLVersion.valueOf(streamVersionMax)
);
String datagramVersionMin = System.getenv("SSL_DATAGRAM_VERSION_MIN");
String datagramVersionMax = System.getenv("SSL_DATAGRAM_VERSION_MAX");
CryptoUtil.setSSLDatagramVersionRange(
- SSLVersion.valueOf(datagramVersionMin),
- SSLVersion.valueOf(datagramVersionMax)
+ datagramVersionMin == null ? SSLVersion.TLS_1_0 : SSLVersion.valueOf(datagramVersionMin),
+ datagramVersionMax == null ? SSLVersion.TLS_1_2 : SSLVersion.valueOf(datagramVersionMax)
);
String defaultCiphers = System.getenv("SSL_DEFAULT_CIPHERS");
- if (Boolean.parseBoolean(defaultCiphers)) {
+ if (defaultCiphers == null || Boolean.parseBoolean(defaultCiphers)) {
CryptoUtil.setDefaultSSLCiphers();
} else {
CryptoUtil.unsetSSLCiphers();
--
2.9.3
>From e25cda67e410d235a934f255c844e8e84ddf6716 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Mon, 20 Mar 2017 17:21:14 +0100
Subject: [PATCH] Fixed default value for SSL datagram.
The minimum SSL version for datagram should have been TLS 1.1 to
match the default in pki.conf.
---
base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index d64a235add35514e50114392de13d542a6e67e07..6536951733dda38ef27b48871ff945aa55eb58de 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -533,7 +533,7 @@ public class MainCLI extends CLI {
String datagramVersionMax = System.getenv("SSL_DATAGRAM_VERSION_MAX");
CryptoUtil.setSSLDatagramVersionRange(
- datagramVersionMin == null ? SSLVersion.TLS_1_0 : SSLVersion.valueOf(datagramVersionMin),
+ datagramVersionMin == null ? SSLVersion.TLS_1_1 : SSLVersion.valueOf(datagramVersionMin),
datagramVersionMax == null ? SSLVersion.TLS_1_2 : SSLVersion.valueOf(datagramVersionMax)
);
--
2.9.3
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
