Charles Sparey

CR8432, OpenAM-6928, Not Enforced URLs Audit Log now also contains user name
Marking as complete. Comments inline.

Marking as complete. Comments inline.

and here.

and here.

and here.

and here.

Same here.

Same here.

Need to preserve previous value of header_fields in case realloc fails otherwise the memory is leaked.

Need to preserve previous value of header_fields in case realloc fails otherwise the memory is leaked.

Just to confirm - this is the correct scope for searching for Exception - given the sustaining issue last week?

Just to confirm - this is the correct scope for searching for Exception - given the sustaining issue last week?

redundant empty line

redundant empty line

Marking as complete pending a decision on using system root certificate stores with 'trusted body' certificates such as thwate ot verisign.

Marking as complete pending a decision on using system root certificate stores with 'trusted body' certificates such as thwate ot verisign.

Same comments as in previous iteration.

Same comments as in previous iteration.

Can we not use the OS provided certificate store / keychain in this instance?

Can we not use the OS provided certificate store / keychain in this instance?

What about the case where the certificate chain roots back to a public certificate body such as verisign? In this instance the root CA (verisgn) might not be locally available.

What about the case where the certificate chain roots back to a public certificate body such as verisign? In this instance the root CA (verisgn) might not be locally available.

LGTM

LGTM

Just to confirm - I am happy with these changes too, http://sources.forgerock.org/static/mt0445/2static/images/wiki/icons/emoticons/smile.gif

Just to confirm - I am happy with these changes too,

LGTM, one question, once the SSL issues are resolved, do we want to keep all these extra logging statements or do we remove some? Also, are we logging/decrypting any sensitive information? I guess ...

LGTM, one question, once the SSL issues are resolved, do we want to keep all these extra logging statements or do we remove some? Also, are we logging/decrypting any sensitive information? I guess not given that we also support plain http, but I thought I ought to ask.

Same comment as above.

Same comment as above.

Given that we are only really interested in one case here, why not use an if like: if(e->type == plaintext) continue; then if(strcmp(key... as before

Given that we are only really interested in one case here, why not use an if like:
if(e->type == plaintext) continue;
then
if(strcmp(key...
as before

Sorry, should have said terminate in case of error - with explicit option to continue as part of the command line options. - like force install options for RPM...

Sorry, should have said terminate in case of error - with explicit option to continue as part of the command line options. - like force install options for RPM...

Ok, that is fine. I don't exactly mind either way. What I am aware of is that environment variables are more of a nuisance on windows than on Linux and we need to make sure that whatever names we c...

Ok, that is fine. I don't exactly mind either way. What I am aware of is that environment variables are more of a nuisance on windows than on Linux and we need to make sure that whatever names we choose - they are unique to us and won't conflict with anything else on the system.

In which case, don't we want it to loop in this instance?

In which case, don't we want it to loop in this instance?

Why did we opt for this approach, rather than providing these values on the command line?

Why did we opt for this approach, rather than providing these values on the command line?

Same here - see comment above about silent override options.

Same here - see comment above about silent override options.

Again here - would prefer this to be another interactive step, reusing the same command override in the case of silent installs. ALSO, these critical errors ought to be displayed on the command lin...

Again here - would prefer this to be another interactive step, reusing the same command override in the case of silent installs. ALSO, these critical errors ought to be displayed on the command line rather than simply logged.