[Engine-patches] Change in ovirt-engine[master]: core: remove commons httpclient from provider proxy

Thu, 02 Oct 2014 02:27:07 -0700 

Alon Bar-Lev has posted comments on this change.

Change subject: core: remove commons httpclient from provider proxy
......................................................................


Patch Set 14:

(1 comment)

http://gerrit.ovirt.org/#/c/33458/14/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java:

Line 75
Line 76
Line 77
Line 78
Line 79
> depend on what you want to do in ui.
ok, checked.

java can trust end certificate.

this means that you can give an option what certificate to trust, you need to 
trust the one, the java will complete the chain from what server sent.

however, in the www.google.com case notice the server does not send the root 
certificate, so you cannot auto detect the root. but this root does exist in 
the default java store.

if we really like we can complete the chain using the java store up to trusted 
root. this is the meaning of the bellow comment:

        96              - // Still need to verify that the root certificate is 
returned also
        97              - // when it is trusted by the JRE truststore (cacerts 
file) 

trusting intermediate certificate is something that should be avoided. either 
you trust end certificate or trust the root.


-- 
To view, visit http://gerrit.ovirt.org/33458
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I727d34c33f357b93560d4b5a1784b3733b7fa293
Gerrit-PatchSet: 14
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Moti Asayag <masa...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to