zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anmolnar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #184: ZOOKEEPER-236: SSL Support for Atomic Broadcast...
Date Thu, 14 Jun 2018 19:04:09 GMT
Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/184#discussion_r195537620
  
    --- Diff: src/java/main/org/apache/zookeeper/common/X509Util.java ---
    @@ -79,7 +91,7 @@
         public X509Util() {
             String cipherSuitesInput = System.getProperty(cipherSuitesProperty);
             if (cipherSuitesInput == null) {
    -            cipherSuites = null;
    +            cipherSuites = getDefaultCipherSuites();
    --- End diff --
    
    Providing null as cipher suite list throws exception, but empty list is accepted. In which
case SSL won't work, because there's no enabled cipher suite at all. Similarly if enabled
suites and supported suites doesn't have anything in common, SSL is broken.
    
    I wouldn't intersect and wouldn't default on empty list. Just use whatever the user provided
and don't do magic which otherwise has to be documented properly.


---

Mime
View raw message