Expose SSL_CTX and SSL pointers

Motivation:

For advanced use-cases it an be helpful to be able to directly access the SSL_CTX and SSL pointers of the underlying openssl objects. This for example allows to register custom C callbacks.

Modifications:

- Expose the SSL_CTX and SSL pointers
- Cleanup the shutdown code

Result:

It's now possible to obtain the c pointes and set native callbacks.
This commit is contained in:
Norman Maurer 2015-06-05 07:23:09 +02:00
parent 2c479b77c1
commit 9e125d8456
4 changed files with 41 additions and 30 deletions

View File

@ -252,7 +252,7 @@ public final class OpenSslClientContext extends OpenSslContext {
success = true; success = true;
} finally { } finally {
if (!success) { if (!success) {
destroyPools(); destroy();
} }
} }
} }

View File

@ -37,7 +37,6 @@ import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import static io.netty.util.internal.ObjectUtil.checkNotNull; import static io.netty.util.internal.ObjectUtil.checkNotNull;
import static io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior; import static io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
@ -57,12 +56,13 @@ public abstract class OpenSslContext extends SslContext {
private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION = private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION =
SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false); SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false);
private static final List<String> DEFAULT_CIPHERS; private static final List<String> DEFAULT_CIPHERS;
private static final AtomicIntegerFieldUpdater<OpenSslContext> DESTROY_UPDATER;
// TODO: Maybe make configurable ? // TODO: Maybe make configurable ?
protected static final int VERIFY_DEPTH = 10; protected static final int VERIFY_DEPTH = 10;
private final long aprPool; /** The OpenSSL SSL_CTX object */
protected volatile long ctx;
private long aprPool;
@SuppressWarnings({ "unused", "FieldMayBeFinal" }) @SuppressWarnings({ "unused", "FieldMayBeFinal" })
private volatile int aprPoolDestroyed; private volatile int aprPoolDestroyed;
private volatile boolean rejectRemoteInitiatedRenegotiation; private volatile boolean rejectRemoteInitiatedRenegotiation;
@ -70,10 +70,7 @@ public abstract class OpenSslContext extends SslContext {
private final long sessionCacheSize; private final long sessionCacheSize;
private final long sessionTimeout; private final long sessionTimeout;
private final OpenSslEngineMap engineMap = new DefaultOpenSslEngineMap(); private final OpenSslEngineMap engineMap = new DefaultOpenSslEngineMap();
private final OpenSslApplicationProtocolNegotiator apn; private final OpenSslApplicationProtocolNegotiator apn;
/** The OpenSSL SSL_CTX object */
protected final long ctx;
private final int mode; private final int mode;
static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR = static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR =
@ -117,13 +114,6 @@ public abstract class OpenSslContext extends SslContext {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Default cipher suite (OpenSSL): " + ciphers); logger.debug("Default cipher suite (OpenSSL): " + ciphers);
} }
AtomicIntegerFieldUpdater<OpenSslContext> updater =
PlatformDependent.newAtomicIntegerFieldUpdater(OpenSslContext.class, "aprPoolDestroyed");
if (updater == null) {
updater = AtomicIntegerFieldUpdater.newUpdater(OpenSslContext.class, "aprPoolDestroyed");
}
DESTROY_UPDATER = updater;
} }
OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg, OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg,
@ -245,7 +235,7 @@ public abstract class OpenSslContext extends SslContext {
success = true; success = true;
} finally { } finally {
if (!success) { if (!success) {
destroyPools(); destroy();
} }
} }
} }
@ -303,8 +293,13 @@ public abstract class OpenSslContext extends SslContext {
} }
/** /**
* Returns the {@code SSL_CTX} object of this context. * Returns the pointer to the {@code SSL_CTX} object for this {@link OpenSslContext}.
* Be aware that it is freed as soon as the {@link #finalize()} method is called.
* At this point {@code 0} will be returned.
*
* @deprecated use {@link #sslCtxPointer()}
*/ */
@Deprecated
public final long context() { public final long context() {
return ctx; return ctx;
} }
@ -330,13 +325,7 @@ public abstract class OpenSslContext extends SslContext {
@SuppressWarnings("FinalizeDeclaration") @SuppressWarnings("FinalizeDeclaration")
protected final void finalize() throws Throwable { protected final void finalize() throws Throwable {
super.finalize(); super.finalize();
synchronized (OpenSslContext.class) { destroy();
if (ctx != 0) {
SSLContext.free(ctx);
}
}
destroyPools();
} }
/** /**
@ -351,10 +340,27 @@ public abstract class OpenSslContext extends SslContext {
@Override @Override
public abstract OpenSslSessionContext sessionContext(); public abstract OpenSslSessionContext sessionContext();
protected final void destroyPools() { /**
// Guard against multiple destroyPools() calls triggered by construction exception and finalize() later * Returns the pointer to the {@code SSL_CTX} object for this {@link OpenSslContext}.
if (aprPool != 0 && DESTROY_UPDATER.compareAndSet(this, 0, 1)) { * Be aware that it is freed as soon as the {@link #finalize()} method is called.
Pool.destroy(aprPool); * At this point {@code 0} will be returned.
*/
public final long sslCtxPointer() {
return ctx;
}
protected final void destroy() {
synchronized (OpenSslContext.class) {
if (ctx != 0) {
SSLContext.free(ctx);
ctx = 0;
}
// Guard against multiple destroyPools() calls triggered by construction exception and finalize() later
if (aprPool != 0) {
Pool.destroy(aprPool);
aprPool = 0;
}
} }
} }
@ -450,7 +456,7 @@ public abstract class OpenSslContext extends SslContext {
@Override @Override
public void add(OpenSslEngine engine) { public void add(OpenSslEngine engine) {
engines.put(engine.ssl(), engine); engines.put(engine.sslPointer(), engine);
} }
} }
} }

View File

@ -228,7 +228,12 @@ public final class OpenSslEngine extends SSLEngine {
return null; return null;
} }
long ssl() { /**
* Returns the pointer to the {@code SSL} object for this {@link OpenSslEngine}.
* Be aware that it is freed as soon as the {@link #finalize()} or {@link #shutdown} method is called.
* At this point {@code 0} will be returned.
*/
public synchronized long sslPointer() {
return ssl; return ssl;
} }

View File

@ -406,7 +406,7 @@ public final class OpenSslServerContext extends OpenSslContext {
success = true; success = true;
} finally { } finally {
if (!success) { if (!success) {
destroyPools(); destroy();
} }
} }
} }