Only use KeyManagerFactory in SniClientTest when supported by OpenSSL version. (#8289)

Motivation: 6ed7c6c75d added a test which blindly assumed we can use a KeyManagerFactory all the time. This is only true if have OpenSSL 1.0.2 or later, which may not be the case. Modifications: Only use KeyManagerFactory in test if the OpenSSL version does support it. Result: More robust tests.
2018-09-14 19:01:55 +02:00 · 2018-09-14 19:01:55 +02:00 · 2b1514ec5a
commit 2b1514ec5a
parent 6ed7c6c75d
1 changed files with 17 additions and 7 deletions
--- a/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
@ -91,7 +91,7 @@ public class SniClientTest {
        SniClientJava8TestUtil.testSniClient(serverProvider, clientProvider, false);
    }

-    private static void testSniClient(SslProvider sslClientProvider, SslProvider sslServerProvider) throws Exception {
+    private static void testSniClient(SslProvider sslServerProvider, SslProvider sslClientProvider) throws Exception {
        String sniHostName = "sni.netty.io";
        LocalAddress address = new LocalAddress("test");
        EventLoopGroup group = new DefaultEventLoopGroup(1);
@ -100,13 +100,23 @@ public class SniClientTest {
        try {
            SelfSignedCertificate cert = new SelfSignedCertificate();

-            KeyManagerFactory kmf = PlatformDependent.javaVersion() >= 8 ?
-                    SniClientJava8TestUtil.newSniX509KeyManagerFactory(cert, sniHostName) :
-                    SslContext.buildKeyManagerFactory(
-                            new X509Certificate[] { cert.cert() }, cert.key(), null, null);
+            final SslContext sslServerContext;
+            if ((sslServerProvider == SslProvider.OPENSSL || sslServerProvider == SslProvider.OPENSSL_REFCNT)
+                && !OpenSsl.useKeyManagerFactory()) {
+                sslServerContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
+                                                    .sslProvider(sslServerProvider)
+                                                    .build();
+            } else {
+                // The used OpenSSL version does support a KeyManagerFactory, so use it.
+                KeyManagerFactory kmf = PlatformDependent.javaVersion() >= 8 ?
+                        SniClientJava8TestUtil.newSniX509KeyManagerFactory(cert, sniHostName) :
+                        SslContext.buildKeyManagerFactory(
+                                new X509Certificate[] { cert.cert() }, cert.key(), null, null);

-            final SslContext sslServerContext = SslContextBuilder.forServer(kmf)
-                    .sslProvider(sslServerProvider).build();
+               sslServerContext = SslContextBuilder.forServer(kmf)
+                                                   .sslProvider(sslServerProvider)
+                                                   .build();
+            }

            final Promise<String> promise = group.next().newPromise();
            ServerBootstrap sb = new ServerBootstrap();