Correctly detect that KeyManagerFactory is not supported when using OpenSSL 1.1.0+ (#9170)
Motivation: How we tried to detect if KeyManagerFactory is supported was not good enough for OpenSSL 1.1.0+ as it partly provided the API but not all of what is required. This then lead to failures like: [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.102 s <<< FAILURE! - in io.netty.channel.epoll.EpollDomainSocketStartTlsTest [ERROR] initializationError(io.netty.channel.epoll.EpollDomainSocketStartTlsTest) Time elapsed: 0.016 s <<< ERROR! javax.net.ssl.SSLException: failed to set certificate and key at io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext(ReferenceCountedOpenSslServerContext.java:130) at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:353) at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:334) at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:468) at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:457) at io.netty.testsuite.transport.socket.SocketStartTlsTest.data(SocketStartTlsTest.java:93) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.runners.Parameterized.allParameters(Parameterized.java:280) at org.junit.runners.Parameterized.<init>(Parameterized.java:248) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at org.junit.internal.builders.AnnotatedBuilder.buildRunner(AnnotatedBuilder.java:104) at org.junit.internal.builders.AnnotatedBuilder.runnerForClass(AnnotatedBuilder.java:86) at org.junit.runners.model.RunnerBuilder.safeRunnerForClass(RunnerBuilder.java:59) at org.junit.internal.builders.AllDefaultPossibilitiesBuilder.runnerForClass(AllDefaultPossibilitiesBuilder.java:26) at org.junit.runners.model.RunnerBuilder.safeRunnerForClass(RunnerBuilder.java:59) at org.junit.internal.requests.ClassRequest.getRunner(ClassRequest.java:33) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:362) at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159) at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345) at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418) Caused by: java.lang.Exception: Requires OpenSSL 1.0.2+ at io.netty.internal.tcnative.SSLContext.setCertificateCallback(Native Method) at io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext(ReferenceCountedOpenSslServerContext.java:126) ... 32 more Modifications: Also try to set the certificate callback, and only if this works as well mark KeyManagerFactory support as enabled. Result: Also works correctly when OpenSSL 1.1.0 is used.
This commit is contained in:
parent
5ffac03f1e
commit
224d5fafaf
@ -33,8 +33,6 @@ import io.netty.util.internal.logging.InternalLogger;
|
|||||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@ -235,7 +233,11 @@ public final class OpenSsl {
|
|||||||
|
|
||||||
PemEncoded privateKey = PemPrivateKey.valueOf(KEY.getBytes(CharsetUtil.US_ASCII));
|
PemEncoded privateKey = PemPrivateKey.valueOf(KEY.getBytes(CharsetUtil.US_ASCII));
|
||||||
try {
|
try {
|
||||||
X509Certificate certificate = selfSignedCertificate();
|
// Let's check if we can set a callback, which may not work if the used OpenSSL version
|
||||||
|
// is to old.
|
||||||
|
SSLContext.setCertificateCallback(sslCtx, null);
|
||||||
|
|
||||||
|
X509Certificate certificate = selfSignedCertificate();
|
||||||
certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, certificate);
|
certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, certificate);
|
||||||
cert = SSL.parseX509Chain(certBio);
|
cert = SSL.parseX509Chain(certBio);
|
||||||
|
|
||||||
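Review bot: The comment added above `SSLContext.setCertificateCallback(sslCtx, null);` has a typo ("to old") and omits what a reader needs most: that the call is a deliberate probe whose failure is the signal, so it must remain the first statement of this try, ahead of anything that marks KeyManagerFactory support as available. Suggested wording: `// Probe: setting a certificate callback throws on OpenSSL builds that lack the API (observed with 1.1.0, see #9170),` / `// so do it first; if it throws, KeyManagerFactory support must stay disabled.` Per the commit message the failure surfaces as a checked java.lang.Exception ("Requires OpenSSL 1.0.2+"), so whichever catch clause is meant to absorb it has to cover Exception, not only Error; the catch clauses of this try lie outside this hunk. The probe leaves a null callback installed on sslCtx, which is presumably a throwaway context freed later in the method, and that assumption is worth stating in the comment because it would not be harmless on a context that is subsequently used.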
@ -267,7 +269,7 @@ public final class OpenSsl {
|
|||||||
} catch (Throwable ignore) {
|
} catch (Throwable ignore) {
|
||||||
logger.debug("Failed to get useKeyManagerFactory system property.");
|
logger.debug("Failed to get useKeyManagerFactory system property.");
|
||||||
}
|
}
|
||||||
} catch (Throwable ignore) {
|
} catch (Error ignore) {
|
||||||
logger.debug("KeyManagerFactory not supported.");
|
logger.debug("KeyManagerFactory not supported.");
|
||||||
} finally {
|
} finally {
|
||||||
privateKey.release();
|
privateKey.release();
|
||||||
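Review bot: Narrowing `} catch (Throwable ignore) {` to `} catch (Error ignore) {` means the checked Exception the commit message shows setCertificateCallback throwing on OpenSSL 1.1.0 ("Requires OpenSSL 1.0.2+") is no longer handled here: it exits this try through the finally and must be absorbed by an enclosing handler outside the hunk, and the "KeyManagerFactory not supported." debug line is never emitted for exactly the case this commit fixes. If that propagation is intended, a comment naming the outer handler that absorbs it would help; otherwise add `} catch (Exception e) { logger.debug("KeyManagerFactory not supported.", e); }` ahead of the Error clause so the reason is logged with its cause instead of surfacing under an unrelated message. Catching Error also swallows VirtualMachineError (OutOfMemoryError, StackOverflowError) at debug level; if the intent is a missing native symbol in an older tcnative, `catch (UnsatisfiedLinkError ignore)` names that case precisely, though I cannot confirm from this hunk which Error is expected. The enclosing try begins in the previous hunk and its outer handlers are outside this view.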