Expose SSL_CTX and SSL pointers
Motivation: For advanced use-cases it an be helpful to be able to directly access the SSL_CTX and SSL pointers of the underlying openssl objects. This for example allows to register custom C callbacks. Modifications: - Expose the SSL_CTX and SSL pointers - Cleanup the shutdown code Result: It's now possible to obtain the c pointes and set native callbacks.
This commit is contained in:
parent
2c479b77c1
commit
9e125d8456
@ -252,7 +252,7 @@ public final class OpenSslClientContext extends OpenSslContext {
|
|||||||
success = true;
|
success = true;
|
||||||
} finally {
|
} finally {
|
||||||
if (!success) {
|
if (!success) {
|
||||||
destroyPools();
|
destroy();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,6 @@ import java.util.Arrays;
|
|||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
|
|
||||||
|
|
||||||
import static io.netty.util.internal.ObjectUtil.checkNotNull;
|
import static io.netty.util.internal.ObjectUtil.checkNotNull;
|
||||||
import static io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
|
import static io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
|
||||||
@ -57,12 +56,13 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION =
|
private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION =
|
||||||
SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false);
|
SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false);
|
||||||
private static final List<String> DEFAULT_CIPHERS;
|
private static final List<String> DEFAULT_CIPHERS;
|
||||||
private static final AtomicIntegerFieldUpdater<OpenSslContext> DESTROY_UPDATER;
|
|
||||||
|
|
||||||
// TODO: Maybe make configurable ?
|
// TODO: Maybe make configurable ?
|
||||||
protected static final int VERIFY_DEPTH = 10;
|
protected static final int VERIFY_DEPTH = 10;
|
||||||
|
|
||||||
private final long aprPool;
|
/** The OpenSSL SSL_CTX object */
|
||||||
|
protected volatile long ctx;
|
||||||
|
private long aprPool;
|
||||||
@SuppressWarnings({ "unused", "FieldMayBeFinal" })
|
@SuppressWarnings({ "unused", "FieldMayBeFinal" })
|
||||||
private volatile int aprPoolDestroyed;
|
private volatile int aprPoolDestroyed;
|
||||||
private volatile boolean rejectRemoteInitiatedRenegotiation;
|
private volatile boolean rejectRemoteInitiatedRenegotiation;
|
||||||
@ -70,10 +70,7 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
private final long sessionCacheSize;
|
private final long sessionCacheSize;
|
||||||
private final long sessionTimeout;
|
private final long sessionTimeout;
|
||||||
private final OpenSslEngineMap engineMap = new DefaultOpenSslEngineMap();
|
private final OpenSslEngineMap engineMap = new DefaultOpenSslEngineMap();
|
||||||
|
|
||||||
private final OpenSslApplicationProtocolNegotiator apn;
|
private final OpenSslApplicationProtocolNegotiator apn;
|
||||||
/** The OpenSSL SSL_CTX object */
|
|
||||||
protected final long ctx;
|
|
||||||
private final int mode;
|
private final int mode;
|
||||||
|
|
||||||
static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR =
|
static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR =
|
||||||
@ -117,13 +114,6 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug("Default cipher suite (OpenSSL): " + ciphers);
|
logger.debug("Default cipher suite (OpenSSL): " + ciphers);
|
||||||
}
|
}
|
||||||
|
|
||||||
AtomicIntegerFieldUpdater<OpenSslContext> updater =
|
|
||||||
PlatformDependent.newAtomicIntegerFieldUpdater(OpenSslContext.class, "aprPoolDestroyed");
|
|
||||||
if (updater == null) {
|
|
||||||
updater = AtomicIntegerFieldUpdater.newUpdater(OpenSslContext.class, "aprPoolDestroyed");
|
|
||||||
}
|
|
||||||
DESTROY_UPDATER = updater;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg,
|
OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg,
|
||||||
@ -245,7 +235,7 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
success = true;
|
success = true;
|
||||||
} finally {
|
} finally {
|
||||||
if (!success) {
|
if (!success) {
|
||||||
destroyPools();
|
destroy();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -303,8 +293,13 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the {@code SSL_CTX} object of this context.
|
* Returns the pointer to the {@code SSL_CTX} object for this {@link OpenSslContext}.
|
||||||
|
* Be aware that it is freed as soon as the {@link #finalize()} method is called.
|
||||||
|
* At this point {@code 0} will be returned.
|
||||||
|
*
|
||||||
|
* @deprecated use {@link #sslCtxPointer()}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public final long context() {
|
public final long context() {
|
||||||
return ctx;
|
return ctx;
|
||||||
}
|
}
|
||||||
@ -330,13 +325,7 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
@SuppressWarnings("FinalizeDeclaration")
|
@SuppressWarnings("FinalizeDeclaration")
|
||||||
protected final void finalize() throws Throwable {
|
protected final void finalize() throws Throwable {
|
||||||
super.finalize();
|
super.finalize();
|
||||||
synchronized (OpenSslContext.class) {
|
destroy();
|
||||||
if (ctx != 0) {
|
|
||||||
SSLContext.free(ctx);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
destroyPools();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -351,10 +340,27 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
@Override
|
@Override
|
||||||
public abstract OpenSslSessionContext sessionContext();
|
public abstract OpenSslSessionContext sessionContext();
|
||||||
|
|
||||||
protected final void destroyPools() {
|
/**
|
||||||
// Guard against multiple destroyPools() calls triggered by construction exception and finalize() later
|
* Returns the pointer to the {@code SSL_CTX} object for this {@link OpenSslContext}.
|
||||||
if (aprPool != 0 && DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
|
* Be aware that it is freed as soon as the {@link #finalize()} method is called.
|
||||||
Pool.destroy(aprPool);
|
* At this point {@code 0} will be returned.
|
||||||
|
*/
|
||||||
|
public final long sslCtxPointer() {
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected final void destroy() {
|
||||||
|
synchronized (OpenSslContext.class) {
|
||||||
|
if (ctx != 0) {
|
||||||
|
SSLContext.free(ctx);
|
||||||
|
ctx = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Guard against multiple destroyPools() calls triggered by construction exception and finalize() later
|
||||||
|
if (aprPool != 0) {
|
||||||
|
Pool.destroy(aprPool);
|
||||||
|
aprPool = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -450,7 +456,7 @@ public abstract class OpenSslContext extends SslContext {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void add(OpenSslEngine engine) {
|
public void add(OpenSslEngine engine) {
|
||||||
engines.put(engine.ssl(), engine);
|
engines.put(engine.sslPointer(), engine);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -228,7 +228,12 @@ public final class OpenSslEngine extends SSLEngine {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
long ssl() {
|
/**
|
||||||
|
* Returns the pointer to the {@code SSL} object for this {@link OpenSslEngine}.
|
||||||
|
* Be aware that it is freed as soon as the {@link #finalize()} or {@link #shutdown} method is called.
|
||||||
|
* At this point {@code 0} will be returned.
|
||||||
|
*/
|
||||||
|
public synchronized long sslPointer() {
|
||||||
return ssl;
|
return ssl;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -406,7 +406,7 @@ public final class OpenSslServerContext extends OpenSslContext {
|
|||||||
success = true;
|
success = true;
|
||||||
} finally {
|
} finally {
|
||||||
if (!success) {
|
if (!success) {
|
||||||
destroyPools();
|
destroy();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user