diff --git a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java b/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java
index fe56e6a792..f7ac0269e8 100644
--- a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java
+++ b/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java
@@ -15,6 +15,8 @@
*/
package io.netty.handler.ssl;
+import io.netty.util.internal.PlatformDependent;
+
import javax.net.ssl.SSLEngine;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@@ -59,7 +61,10 @@ final class Conscrypt {
* Indicates whether or not conscrypt is available on the current system.
*/
static boolean isAvailable() {
- return CAN_INSTANCE_PROVIDER && IS_CONSCRYPT_SSLENGINE != null;
+ return CAN_INSTANCE_PROVIDER && IS_CONSCRYPT_SSLENGINE != null &&
+ // Only works on Java14 and earlier for now
+ // See https://github.com/google/conscrypt/issues/838
+ (PlatformDependent.javaVersion() < 15 || PlatformDependent.isAndroid());
}
static boolean isEngineSupported(SSLEngine engine) {
diff --git a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
index 752c2c7551..d8510b5093 100644
--- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
@@ -1015,8 +1015,13 @@ public abstract class SSLEngineTest {
assertEquals(1, session.getPeerCertificates().length);
assertArrayEquals(certBytes, session.getPeerCertificates()[0].getEncoded());
- assertEquals(1, session.getPeerCertificateChain().length);
- assertArrayEquals(certBytes, session.getPeerCertificateChain()[0].getEncoded());
+ try {
+ assertEquals(1, session.getPeerCertificateChain().length);
+ assertArrayEquals(certBytes, session.getPeerCertificateChain()[0].getEncoded());
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ }
assertEquals(1, session.getLocalCertificates().length);
assertArrayEquals(certBytes, session.getLocalCertificates()[0].getEncoded());
@@ -1752,20 +1757,36 @@ public abstract class SSLEngineTest {
Throwable cause = ((SslHandshakeCompletionEvent) evt).cause();
if (cause == null) {
SSLSession session = ((SslHandler) ctx.pipeline().first()).engine().getSession();
- X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
Certificate[] peerCertificates = session.getPeerCertificates();
- if (peerCertificateChain == null) {
- promise.setFailure(new NullPointerException("peerCertificateChain"));
- } else if (peerCertificates == null) {
+ if (peerCertificates == null) {
promise.setFailure(new NullPointerException("peerCertificates"));
- } else if (peerCertificateChain.length + peerCertificates.length != 4) {
- String excTxtFmt = "peerCertificateChain.length:%s, peerCertificates.length:%s";
- promise.setFailure(new IllegalStateException(String.format(excTxtFmt,
- peerCertificateChain.length,
- peerCertificates.length)));
- } else {
- for (int i = 0; i < peerCertificateChain.length; i++) {
- if (peerCertificateChain[i] == null || peerCertificates[i] == null) {
+ return;
+ }
+ try {
+ X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
+ if (peerCertificateChain == null) {
+ promise.setFailure(new NullPointerException("peerCertificateChain"));
+ } else if (peerCertificateChain.length + peerCertificates.length != 4) {
+ String excTxtFmt = "peerCertificateChain.length:%s, peerCertificates.length:%s";
+ promise.setFailure(new IllegalStateException(String.format(excTxtFmt,
+ peerCertificateChain.length,
+ peerCertificates.length)));
+ } else {
+ for (int i = 0; i < peerCertificateChain.length; i++) {
+ if (peerCertificateChain[i] == null || peerCertificates[i] == null) {
+ promise.setFailure(
+ new IllegalStateException("Certificate in chain is null"));
+ return;
+ }
+ }
+ promise.setSuccess(null);
+ }
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ assertEquals(2, peerCertificates.length);
+ for (int i = 0; i < peerCertificates.length; i++) {
+ if (peerCertificates[i] == null) {
promise.setFailure(
new IllegalStateException("Certificate in chain is null"));
return;
@@ -2993,7 +3014,7 @@ public abstract class SSLEngineTest {
// Workaround for JDK 14 regression.
// See https://bugs.openjdk.java.net/browse/JDK-8242008
- if (PlatformDependent.javaVersion() < 14) {
+ if (PlatformDependent.javaVersion() != 14) {
assertNotNull(serverSession.getSessionContext());
}
@@ -3028,9 +3049,15 @@ public abstract class SSLEngineTest {
assertEquals(1, serverPeerCertificates.length);
assertArrayEquals(clientLocalCertificates[0].getEncoded(), serverPeerCertificates[0].getEncoded());
- X509Certificate[] serverPeerX509Certificates = serverSession.getPeerCertificateChain();
- assertEquals(1, serverPeerX509Certificates.length);
- assertArrayEquals(clientLocalCertificates[0].getEncoded(), serverPeerX509Certificates[0].getEncoded());
+ try {
+ X509Certificate[] serverPeerX509Certificates = serverSession.getPeerCertificateChain();
+ assertEquals(1, serverPeerX509Certificates.length);
+ assertArrayEquals(clientLocalCertificates[0].getEncoded(),
+ serverPeerX509Certificates[0].getEncoded());
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ }
Principal clientLocalPrincipial = clientSession.getLocalPrincipal();
assertNotNull(clientLocalPrincipial);
@@ -3053,6 +3080,9 @@ public abstract class SSLEngineTest {
fail();
} catch (SSLPeerUnverifiedException expected) {
// As we did not use mutual auth this is expected
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
}
try {
@@ -3067,10 +3097,14 @@ public abstract class SSLEngineTest {
assertEquals(1, clientPeerCertificates.length);
assertArrayEquals(serverLocalCertificates[0].getEncoded(), clientPeerCertificates[0].getEncoded());
- X509Certificate[] clientPeerX509Certificates = clientSession.getPeerCertificateChain();
- assertEquals(1, clientPeerX509Certificates.length);
- assertArrayEquals(serverLocalCertificates[0].getEncoded(), clientPeerX509Certificates[0].getEncoded());
-
+ try {
+ X509Certificate[] clientPeerX509Certificates = clientSession.getPeerCertificateChain();
+ assertEquals(1, clientPeerX509Certificates.length);
+ assertArrayEquals(serverLocalCertificates[0].getEncoded(), clientPeerX509Certificates[0].getEncoded());
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ }
Principal clientPeerPrincipal = clientSession.getPeerPrincipal();
assertEquals(serverLocalPrincipal, clientPeerPrincipal);
} finally {
diff --git a/pom.xml b/pom.xml
index 78585f0999..11d947ec32 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,6 +98,26 @@
+
+ java15
+
+ 15
+
+
+
+
+ true
+
+ 3.0.0-M3
+
+ 2.0.5.Final
+
+ 1.7
+ 1.7
+
+ true
+
+
java14