-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add NonBlockingSocketFactory #4832
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just a comment but feel free to merge when possible.
jssSocket.setCertFromAlias(certNickname); | ||
} | ||
|
||
jssSocket.getEngine().setListeners(Arrays.asList(new SSLSocketListener() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
getEngine()
is not need, possible to call setListeners()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
The NonBlockingSocketFactory has been added to provide a non-blocking socket factory for PKIConnection. Eventually it will replace the DefaultSocketFactory once the support for OCSP and CRL has been added into JSSTrustManager. The test for HTTPS connector with NSS has been updated to use the non-blocking socket factory and validate the new error messages generated by JSSTrustManager. The test for HTTPS connector with PKCS dogtagpki#12 file will continue to use the blocking socket factory to prevent regressions.
Quality Gate passedIssues Measures |
@fmarco76 Thanks! I've updated the test to match the current output (i.e. without SSL alerts) so the test will pass. Once we figure out how to fix the missing SSL alerts we can update the test again. |
The
NonBlockingSocketFactory
has been added to provide a non-blocking socket factory forPKIConnection
. Eventually it will replace theDefaultSocketFactory
once the support for OCSP and CRL has been added intoJSSTrustManager
.The test for HTTPS connector with NSS has been updated to use the non-blocking socket factory and validate the new error messages generated by
JSSTrustManager
. The test for HTTPS connector with PKCS #12 file will continue to use the blocking socket factory to prevent regressions.Note: This PR depends on dogtagpki/jss#1022