Use OpenSslClientContext as default if openssl is avaible

Motivation:

As we now support OpenSslEngine for client side, we should use it when avaible.

Modifications:

Use SslProvider.OPENSSL when openssl can be found

Result:

OpenSslEngine is used whenever possible
This commit is contained in:
Norman Maurer 2014-10-30 08:56:07 +01:00 committed by Norman Maurer
parent 0f152cfbc4
commit a2004f25b0
2 changed files with 37 additions and 14 deletions

View File

@ -94,6 +94,29 @@ public final class OpenSslServerContext extends OpenSslContext {
toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
}
/**
* Creates a new instance.
*
* @param certChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param config Application protocol config.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public OpenSslServerContext(
File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers, ApplicationProtocolConfig config,
long sessionCacheSize, long sessionTimeout) throws SSLException {
this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
toNegotiator(config, true), sessionCacheSize, sessionTimeout);
}
/**
* Creates a new instance.
*

View File

@ -82,20 +82,24 @@ public abstract class SslContext {
* @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
*/
public static SslProvider defaultServerProvider() {
if (OpenSsl.isAvailable()) {
return SslProvider.OPENSSL;
} else {
return SslProvider.JDK;
}
return defaultProvider();
}
/**
* Returns the default client-side implementation provider currently in use.
*
* @return {@link SslProvider#JDK}, because it is the only implementation at the moment
* @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
*/
public static SslProvider defaultClientProvider() {
return SslProvider.JDK;
return defaultProvider();
}
private static SslProvider defaultProvider() {
if (OpenSsl.isAvailable()) {
return SslProvider.OPENSSL;
} else {
return SslProvider.JDK;
}
}
/**
@ -246,7 +250,7 @@ public abstract class SslContext {
long sessionCacheSize, long sessionTimeout) throws SSLException {
if (provider == null) {
provider = OpenSsl.isAvailable()? SslProvider.OPENSSL : SslProvider.JDK;
provider = defaultServerProvider();
}
switch (provider) {
@ -256,7 +260,7 @@ public abstract class SslContext {
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
case OPENSSL:
return new OpenSslServerContext(
keyCertChainFile, keyFile, keyPassword,
keyCertChainFile, keyFile, keyPassword, trustManagerFactory,
ciphers, apn, sessionCacheSize, sessionTimeout);
default:
throw new Error(provider.toString());
@ -470,12 +474,8 @@ public abstract class SslContext {
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
long sessionCacheSize, long sessionTimeout) throws SSLException {
if (provider != null && provider != SslProvider.JDK) {
throw new SSLException("client context unsupported for: " + provider);
}
if (provider == null) {
provider = SslProvider.JDK;
provider = defaultClientProvider();
}
switch (provider) {
case JDK: