From 36d41eebc3cc0b9656a688976c26bf5f819188c3 Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Tue, 28 Sep 2021 20:02:43 +0000
Subject: [PATCH] fix: Fix rebuild-index in FIPS mode (#189)

---
 opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
index 69019a2..5a7f3cd 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
@@ -47,7 +47,7 @@
 import com.forgerock.opendj.cli.ConnectionFactoryProvider;
 
 import static org.opends.messages.ToolMessages.*;
-
+import static com.forgerock.opendj.util.StaticUtils.isFips;
 
 /**
  * This class provides SSL connection related utility functions.
@@ -127,11 +127,15 @@
              getTrustManagers(KeyStore.getDefaultType(), null, trustStorePath,
                               trustStorePassword);
         trustManagers = new TrustManager[tmpTrustManagers.length];
-        for (int i=0; i < trustManagers.length; i++)
-        {
-          trustManagers[i] =
-               new ExpirationCheckTrustManager((X509TrustManager)
-                                               tmpTrustManagers[i]);
+        if (isFips()) {
+          trustManagers = tmpTrustManagers;
+        } else {
+          for (int i=0; i < trustManagers.length; i++)
+          {
+            trustManagers[i] =
+                 new ExpirationCheckTrustManager((X509TrustManager)
+                                                 tmpTrustManagers[i]);
+          }
         }
       }
       if(keyStorePath != null)

--
Gitblit v1.10.0