Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add NonBlockingSocketFactory #4832

Merged
merged 1 commit into from
Aug 23, 2024
Merged

Add NonBlockingSocketFactory #4832

merged 1 commit into from
Aug 23, 2024

Conversation

edewata
Copy link
Contributor

@edewata edewata commented Aug 21, 2024

The NonBlockingSocketFactory has been added to provide a non-blocking socket factory for PKIConnection. Eventually it will replace the DefaultSocketFactory once the support for OCSP and CRL has been added into JSSTrustManager.

The test for HTTPS connector with NSS has been updated to use the non-blocking socket factory and validate the new error messages generated by JSSTrustManager. The test for HTTPS connector with PKCS #12 file will continue to use the blocking socket factory to prevent regressions.

Note: This PR depends on dogtagpki/jss#1022

Copy link
Member

@fmarco76 fmarco76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a comment but feel free to merge when possible.

jssSocket.setCertFromAlias(certNickname);
}

jssSocket.getEngine().setListeners(Arrays.asList(new SSLSocketListener() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getEngine() is not need, possible to call setListeners()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

The NonBlockingSocketFactory has been added to provide a
non-blocking socket factory for PKIConnection. Eventually
it will replace the DefaultSocketFactory once the support
for OCSP and CRL has been added into JSSTrustManager.

The test for HTTPS connector with NSS has been updated to
use the non-blocking socket factory and validate the new
error messages generated by JSSTrustManager. The test for
HTTPS connector with PKCS dogtagpki#12 file will continue to use
the blocking socket factory to prevent regressions.
Copy link

@edewata
Copy link
Contributor Author

edewata commented Aug 23, 2024

@fmarco76 Thanks! I've updated the test to match the current output (i.e. without SSL alerts) so the test will pass. Once we figure out how to fix the missing SSL alerts we can update the test again.

@edewata edewata merged commit 0fff4df into dogtagpki:master Aug 23, 2024
146 of 157 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants