diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
index de15e52387..01bf6a3905 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
@@ -122,6 +122,29 @@ public final class OpenSslServerContext extends OpenSslContext {
 toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
 }
 
+ /**
+ * Creates a new instance.
+ *
+ * @param certChainFile an X.509 certificate chain file in PEM format
+ * @param keyFile a PKCS#8 private key file in PEM format
+ * @param keyPassword the password of the {@code keyFile}.
+ * {@code null} if it's not password-protected.
+ * @param ciphers the cipher suites to enable, in the order of preference.
+ * {@code null} to use the default cipher suites.
+ * @param config Application protocol config.
+ * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+ * {@code 0} to use the default value.
+ * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+ * {@code 0} to use the default value.
+ */
+ public OpenSslServerContext(
+ File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
+ Iterable ciphers, ApplicationProtocolConfig config,
+ long sessionCacheSize, long sessionTimeout) throws SSLException {
+ this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
+ toNegotiator(config, true), sessionCacheSize, sessionTimeout);
+ }
+
 /**
 * Creates a new instance.
 *
diff --git a/handler/src/main/java/io/netty/handler/ssl/SslContext.java b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
index a3be7a1200..f47b25f992 100644
--- a/handler/src/main/java/io/netty/handler/ssl/SslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
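Review bot: The Javadoc on the added `OpenSslServerContext` constructor has no `@param trustManagerFactory` entry, although that argument is the one thing this overload adds and it presumably governs how certificates presented by the remote peer are verified. I would add a line such as `@param trustManagerFactory the {@link TrustManagerFactory} that provides the trust managers used to verify the remote peer's certificates` and state what `null` means. The `this(...)` constructor it delegates to is outside the hunk, so the null behaviour (default trust store versus no peer verification) has to be confirmed there before it is written down. The bare `true` in `toNegotiator(config, true)` would also read better with a short comment naming the flag.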
@@ -85,20 +85,24 @@ public abstract class SslContext {
 * @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
 */
 public static SslProvider defaultServerProvider() {
- if (OpenSsl.isAvailable()) {
- return SslProvider.OPENSSL;
- } else {
- return SslProvider.JDK;
- }
+ return defaultProvider();
 }
 
 /**
 * Returns the default client-side implementation provider currently in use.
 *
- * @return {@link SslProvider#JDK}, because it is the only implementation at the moment
+ * @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
 */
 public static SslProvider defaultClientProvider() {
- return SslProvider.JDK;
+ return defaultProvider();
+ }
+
+ private static SslProvider defaultProvider() {
+ if (OpenSsl.isAvailable()) {
+ return SslProvider.OPENSSL;
+ } else {
+ return SslProvider.JDK;
+ }
 }
 
 /**
@@ -346,7 +350,7 @@ public abstract class SslContext {
 long sessionCacheSize, long sessionTimeout) throws SSLException {
 
 if (provider == null) {
- provider = OpenSsl.isAvailable()? SslProvider.OPENSSL : SslProvider.JDK;
+ provider = defaultServerProvider();
 }
 
 switch (provider) {
@@ -356,7 +360,7 @@ public abstract class SslContext {
 keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
 case OPENSSL:
 return new OpenSslServerContext(
- keyCertChainFile, keyFile, keyPassword,
+ keyCertChainFile, keyFile, keyPassword, trustManagerFactory,
 ciphers, apn, sessionCacheSize, sessionTimeout);
 default:
 throw new Error(provider.toString());
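Review bot: The Javadoc for `defaultClientProvider()` gives the new return value but not its consequence: a client context built with a null provider can end up on a different TLS implementation from one host to the next, depending only on whether the native library loads. A sentence such as `Callers that depend on a specific implementation should pass an explicit {@link SslProvider} instead of relying on this default.` on both `defaultServerProvider()` and `defaultClientProvider()` would make that visible to users. The private `defaultProvider()` helper has no comment; one line saying it is the single place where the OpenSSL-versus-JDK choice is made would be enough.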
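Review bot: In the `case OPENSSL:` branch of the server switch, `keyManagerFactory` and `cipherFilter` are still not forwarded: the JDK call just above ends with `keyManagerFactory, ciphers, cipherFilter, apn, ...`, while the OpenSSL call passes only `trustManagerFactory, ciphers, apn, ...`. Unless they are applied earlier in the method, a `CipherSuiteFilter` meant to restrict the negotiated suites or a caller-supplied `KeyManagerFactory` is silently ignored when OpenSSL is selected, the same kind of gap this line closes for `trustManagerFactory`. Either forward them if `OpenSslServerContext` has a matching constructor, or reject the combination before the `return`, e.g. `if (keyManagerFactory != null) { throw new IllegalArgumentException("KeyManagerFactory is not supported with OpenSSL"); }`. The enclosing method starts and ends outside the hunk, so anything it does with these arguments elsewhere is not visible here.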
@@ -640,12 +644,8 @@ public abstract class SslContext { File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException { - - if (provider != null && provider != SslProvider.JDK) { - throw new SSLException("client context unsupported for: " + provider); - } if (provider == null) { - provider = SslProvider.JDK; + provider = defaultClientProvider(); } switch (provider) { case JDK:
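Review bot: With the provider guard removed and a null provider resolving to `defaultClientProvider()`, the `switch (provider)` that starts at `case JDK:` must contain an OpenSSL branch; the switch body continues outside the hunk, so that cannot be confirmed from here. If the branch is missing and the switch ends in a `default:` like the server-side `throw new Error(provider.toString())`, callers that used to get a checked `SSLException` for an unsupported provider would get an `Error` instead. The OpenSSL client branch should also be checked for forwarding the trust configuration (presumably declared earlier in the signature) and `cipherFilter`, because a client context that drops its trust settings would verify servers against something other than what the caller configured.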