diff --git a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java b/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java
index c4c9182c41..d2f015f90f 100644
--- a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java
+++ b/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java
@@ -57,7 +57,10 @@ final class Conscrypt {
*/
static boolean isAvailable() {
return CAN_INSTANCE_PROVIDER && IS_CONSCRYPT_SSLENGINE != null &&
- (PlatformDependent.javaVersion() >= 8 || PlatformDependent.isAndroid());
+ ((PlatformDependent.javaVersion() >= 8 &&
+ // Only works on Java14 and earlier for now
+ // See https://github.com/google/conscrypt/issues/838
+ PlatformDependent.javaVersion() < 15) || PlatformDependent.isAndroid());
}
static boolean isEngineSupported(SSLEngine engine) {
diff --git a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
index c01d6c8bb8..9622791d93 100644
--- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
@@ -1003,8 +1003,13 @@ public abstract class SSLEngineTest {
assertEquals(1, session.getPeerCertificates().length);
assertArrayEquals(certBytes, session.getPeerCertificates()[0].getEncoded());
- assertEquals(1, session.getPeerCertificateChain().length);
- assertArrayEquals(certBytes, session.getPeerCertificateChain()[0].getEncoded());
+ try {
+ assertEquals(1, session.getPeerCertificateChain().length);
+ assertArrayEquals(certBytes, session.getPeerCertificateChain()[0].getEncoded());
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ }
assertEquals(1, session.getLocalCertificates().length);
assertArrayEquals(certBytes, session.getLocalCertificates()[0].getEncoded());
@@ -1740,20 +1745,36 @@ public abstract class SSLEngineTest {
Throwable cause = ((SslHandshakeCompletionEvent) evt).cause();
if (cause == null) {
SSLSession session = ((SslHandler) ctx.pipeline().first()).engine().getSession();
- X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
Certificate[] peerCertificates = session.getPeerCertificates();
- if (peerCertificateChain == null) {
- promise.setFailure(new NullPointerException("peerCertificateChain"));
- } else if (peerCertificates == null) {
+ if (peerCertificates == null) {
promise.setFailure(new NullPointerException("peerCertificates"));
- } else if (peerCertificateChain.length + peerCertificates.length != 4) {
- String excTxtFmt = "peerCertificateChain.length:%s, peerCertificates.length:%s";
- promise.setFailure(new IllegalStateException(String.format(excTxtFmt,
- peerCertificateChain.length,
- peerCertificates.length)));
- } else {
- for (int i = 0; i < peerCertificateChain.length; i++) {
- if (peerCertificateChain[i] == null || peerCertificates[i] == null) {
+ return;
+ }
+ try {
+ X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
+ if (peerCertificateChain == null) {
+ promise.setFailure(new NullPointerException("peerCertificateChain"));
+ } else if (peerCertificateChain.length + peerCertificates.length != 4) {
+ String excTxtFmt = "peerCertificateChain.length:%s, peerCertificates.length:%s";
+ promise.setFailure(new IllegalStateException(String.format(excTxtFmt,
+ peerCertificateChain.length,
+ peerCertificates.length)));
+ } else {
+ for (int i = 0; i < peerCertificateChain.length; i++) {
+ if (peerCertificateChain[i] == null || peerCertificates[i] == null) {
+ promise.setFailure(
+ new IllegalStateException("Certificate in chain is null"));
+ return;
+ }
+ }
+ promise.setSuccess(null);
+ }
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ assertEquals(2, peerCertificates.length);
+ for (int i = 0; i < peerCertificates.length; i++) {
+ if (peerCertificates[i] == null) {
promise.setFailure(
new IllegalStateException("Certificate in chain is null"));
return;
@@ -2981,7 +3002,7 @@ public abstract class SSLEngineTest {
// Workaround for JDK 14 regression.
// See https://bugs.openjdk.java.net/browse/JDK-8242008
- if (PlatformDependent.javaVersion() < 14) {
+ if (PlatformDependent.javaVersion() != 14) {
assertNotNull(serverSession.getSessionContext());
}
@@ -3016,9 +3037,15 @@ public abstract class SSLEngineTest {
assertEquals(1, serverPeerCertificates.length);
assertArrayEquals(clientLocalCertificates[0].getEncoded(), serverPeerCertificates[0].getEncoded());
- X509Certificate[] serverPeerX509Certificates = serverSession.getPeerCertificateChain();
- assertEquals(1, serverPeerX509Certificates.length);
- assertArrayEquals(clientLocalCertificates[0].getEncoded(), serverPeerX509Certificates[0].getEncoded());
+ try {
+ X509Certificate[] serverPeerX509Certificates = serverSession.getPeerCertificateChain();
+ assertEquals(1, serverPeerX509Certificates.length);
+ assertArrayEquals(clientLocalCertificates[0].getEncoded(),
+ serverPeerX509Certificates[0].getEncoded());
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ }
Principal clientLocalPrincipial = clientSession.getLocalPrincipal();
assertNotNull(clientLocalPrincipial);
@@ -3041,6 +3068,9 @@ public abstract class SSLEngineTest {
fail();
} catch (SSLPeerUnverifiedException expected) {
// As we did not use mutual auth this is expected
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
}
try {
@@ -3055,10 +3085,14 @@ public abstract class SSLEngineTest {
assertEquals(1, clientPeerCertificates.length);
assertArrayEquals(serverLocalCertificates[0].getEncoded(), clientPeerCertificates[0].getEncoded());
- X509Certificate[] clientPeerX509Certificates = clientSession.getPeerCertificateChain();
- assertEquals(1, clientPeerX509Certificates.length);
- assertArrayEquals(serverLocalCertificates[0].getEncoded(), clientPeerX509Certificates[0].getEncoded());
-
+ try {
+ X509Certificate[] clientPeerX509Certificates = clientSession.getPeerCertificateChain();
+ assertEquals(1, clientPeerX509Certificates.length);
+ assertArrayEquals(serverLocalCertificates[0].getEncoded(), clientPeerX509Certificates[0].getEncoded());
+ } catch (UnsupportedOperationException e) {
+ // See https://bugs.openjdk.java.net/browse/JDK-8241039
+ assertTrue(PlatformDependent.javaVersion() >= 15);
+ }
Principal clientPeerPrincipal = clientSession.getPeerPrincipal();
assertEquals(serverLocalPrincipal, clientPeerPrincipal);
} finally {
diff --git a/pom.xml b/pom.xml
index 53316653e0..3e636aa267 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,6 +98,26 @@
+
+ java15
+
+ 15
+
+
+
+
+ true
+
+ 3.0.0-M3
+
+ 2.0.5.Final
+
+ 1.7
+ 1.7
+
+ true
+
+
java14