From a2004f25b0ab922855eac0affdb2f79074e72241 Mon Sep 17 00:00:00 2001
From: Norman Maurer
Date: Thu, 30 Oct 2014 08:56:07 +0100
Subject: [PATCH] Use OpenSslClientContext as default if openssl is avaible

Motivation: As we now support OpenSslEngine for client side, we should use it when avaible.
Modifications: Use SslProvider.OPENSSL when openssl can be found
Result: OpenSslEngine is used whenever possible
---
 .../handler/ssl/OpenSslServerContext.java | 23 +++++++++++++++
 .../java/io/netty/handler/ssl/SslContext.java | 28 +++++++++----------
 2 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
index ec7fc981ee..93a98d1456 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
@@ -94,6 +94,29 @@ public final class OpenSslServerContext extends OpenSslContext {
 toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
 }
 
+ /**
+ * Creates a new instance.
+ *
+ * @param certChainFile an X.509 certificate chain file in PEM format
+ * @param keyFile a PKCS#8 private key file in PEM format
+ * @param keyPassword the password of the {@code keyFile}.
+ * {@code null} if it's not password-protected.
+ * @param ciphers the cipher suites to enable, in the order of preference.
+ * {@code null} to use the default cipher suites.
+ * @param config Application protocol config.
+ * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+ * {@code 0} to use the default value.
+ * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+ * {@code 0} to use the default value.
+ */
+ public OpenSslServerContext(
+ File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
+ Iterable ciphers, ApplicationProtocolConfig config,
+ long sessionCacheSize, long sessionTimeout) throws SSLException {
+ this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
+ toNegotiator(config, true), sessionCacheSize, sessionTimeout);
+ }
+
 /**
 * Creates a new instance.
 *
diff --git a/handler/src/main/java/io/netty/handler/ssl/SslContext.java b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
index 9f07e3c306..9532045085 100644
--- a/handler/src/main/java/io/netty/handler/ssl/SslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
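Review bot: The Javadoc of the new `OpenSslServerContext(File, File, String, TrustManagerFactory, ...)` constructor lists every parameter except `trustManagerFactory`, the one argument this overload adds and presumably the one that governs which peer certificates are accepted. Add a line such as `@param trustManagerFactory the {@link TrustManagerFactory} that provides the trust managers for peer verification`, and state what `null` means once that is confirmed against the delegated constructor, which lies outside this hunk. The overload also calls `toNegotiator(config, true)` where the context line above it shows `toNegotiator(apn, false)`; a short why-comment on that flag would help the next reader.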
@@ -82,20 +82,24 @@ public abstract class SslContext {
 * @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
 */
 public static SslProvider defaultServerProvider() {
- if (OpenSsl.isAvailable()) {
- return SslProvider.OPENSSL;
- } else {
- return SslProvider.JDK;
- }
+ return defaultProvider();
 }
 
 /**
 * Returns the default client-side implementation provider currently in use.
 *
- * @return {@link SslProvider#JDK}, because it is the only implementation at the moment
+ * @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
 */
 public static SslProvider defaultClientProvider() {
- return SslProvider.JDK;
+ return defaultProvider();
+ }
+
+ private static SslProvider defaultProvider() {
+ if (OpenSsl.isAvailable()) {
+ return SslProvider.OPENSSL;
+ } else {
+ return SslProvider.JDK;
+ }
 }
 
 /**
@@ -246,7 +250,7 @@ public abstract class SslContext {
 long sessionCacheSize, long sessionTimeout) throws SSLException {
 
 if (provider == null) {
- provider = OpenSsl.isAvailable()? SslProvider.OPENSSL : SslProvider.JDK;
+ provider = defaultServerProvider();
 }
 
 switch (provider) {
@@ -256,7 +260,7 @@ public abstract class SslContext {
 keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
 case OPENSSL:
 return new OpenSslServerContext(
- keyCertChainFile, keyFile, keyPassword,
+ keyCertChainFile, keyFile, keyPassword, trustManagerFactory,
 ciphers, apn, sessionCacheSize, sessionTimeout);
 default:
 throw new Error(provider.toString());
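Review bot: In the `case OPENSSL:` branch of the `@@ -256,7 +260,7 @@` hunk, `keyManagerFactory` and `cipherFilter` are still not handed to `OpenSslServerContext`, although the JDK branch just above passes both to its context. A caller that restricts cipher suites through `cipherFilter` would get a different effective configuration depending on whether the native library loads, with no error to signal it. If that is intended, say so at the call, e.g. `// keyManagerFactory and cipherFilter are not supported by the OpenSSL provider and are ignored`; otherwise reject non-null values rather than dropping them. The enclosing method starts and ends outside the hunk, so an earlier check, if one exists, is not visible here.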
@@ -470,12 +474,8 @@ public abstract class SslContext { File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException { - - if (provider != null && provider != SslProvider.JDK) { - throw new SSLException("client context unsupported for: " + provider); - } if (provider == null) { - provider = SslProvider.JDK; + provider = defaultClientProvider(); } switch (provider) { case JDK:
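Review bot: Every client caller that passes `null` now changes TLS engine as soon as the native library becomes loadable, because the `provider != SslProvider.JDK` rejection is gone and the fallback is `provider = defaultClientProvider()`. The `switch` that has to handle `OPENSSL` continues past the last visible line (`case JDK:`), so this hunk does not show the OpenSSL client branch. A test should show that this branch applies the same trust settings and `cipherFilter` as the JDK one; if any of them is ignored there, certificate validation or cipher restrictions would weaken silently. Please also document the new default on the `provider` parameter, e.g. `{@code null} to use {@link #defaultClientProvider()}, which selects OpenSSL when it is available`.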