Use OpenSslClientContext as default if openssl is avaible
Motivation: As we now support OpenSslEngine on the client side, we should use it when available. Modifications: Use SslProvider.OPENSSL when openssl can be found. Result: OpenSslEngine is used whenever possible.
parent
0f152cfbc4
commit
a2004f25b0
@ -94,6 +94,29 @@ public final class OpenSslServerContext extends OpenSslContext {
|
|||||||
toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
|
toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new instance.
|
||||||
|
*
|
||||||
|
* @param certChainFile an X.509 certificate chain file in PEM format
|
||||||
|
* @param keyFile a PKCS#8 private key file in PEM format
|
||||||
|
* @param keyPassword the password of the {@code keyFile}.
|
||||||
|
* {@code null} if it's not password-protected.
|
||||||
|
* @param ciphers the cipher suites to enable, in the order of preference.
|
||||||
|
* {@code null} to use the default cipher suites.
|
||||||
|
* @param config Application protocol config.
|
||||||
|
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
|
||||||
|
* {@code 0} to use the default value.
|
||||||
|
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
|
||||||
|
* {@code 0} to use the default value.
|
||||||
|
*/
|
||||||
|
public OpenSslServerContext(
|
||||||
|
File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
|
||||||
|
Iterable<String> ciphers, ApplicationProtocolConfig config,
|
||||||
|
long sessionCacheSize, long sessionTimeout) throws SSLException {
|
||||||
|
this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
|
||||||
|
toNegotiator(config, true), sessionCacheSize, sessionTimeout);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new instance.
|
* Creates a new instance.
|
||||||
*
|
*
|
||||||
|
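Review bot: The Javadoc on the added `OpenSslServerContext(File, File, String, TrustManagerFactory, Iterable<String>, ApplicationProtocolConfig, long, long)` constructor documents every parameter except `trustManagerFactory`, the one input that bears on certificate trust decisions. I would add a line such as `@param trustManagerFactory the {@link TrustManagerFactory} that provides the trust managers for this context` and state explicitly what `null` means. That behaviour lives in the delegated constructor, which is outside this hunk, so it needs confirming before it is worded. The new constructor also passes `true` to `toNegotiator` where the constructor just above passes `false`; a short why-comment on that flag would help the next reader, since its meaning is not visible here.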
@ -82,20 +82,24 @@ public abstract class SslContext {
|
|||||||
* @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
|
* @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
|
||||||
*/
|
*/
|
||||||
public static SslProvider defaultServerProvider() {
|
public static SslProvider defaultServerProvider() {
|
||||||
if (OpenSsl.isAvailable()) {
|
return defaultProvider();
|
||||||
return SslProvider.OPENSSL;
|
|
||||||
} else {
|
|
||||||
return SslProvider.JDK;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the default client-side implementation provider currently in use.
|
* Returns the default client-side implementation provider currently in use.
|
||||||
*
|
*
|
||||||
* @return {@link SslProvider#JDK}, because it is the only implementation at the moment
|
* @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
|
||||||
*/
|
*/
|
||||||
public static SslProvider defaultClientProvider() {
|
public static SslProvider defaultClientProvider() {
|
||||||
return SslProvider.JDK;
|
return defaultProvider();
|
||||||
|
}
|
||||||
|
|
||||||
|
private static SslProvider defaultProvider() {
|
||||||
|
if (OpenSsl.isAvailable()) {
|
||||||
|
return SslProvider.OPENSSL;
|
||||||
|
} else {
|
||||||
|
return SslProvider.JDK;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -246,7 +250,7 @@ public abstract class SslContext {
|
|||||||
long sessionCacheSize, long sessionTimeout) throws SSLException {
|
long sessionCacheSize, long sessionTimeout) throws SSLException {
|
||||||
|
|
||||||
if (provider == null) {
|
if (provider == null) {
|
||||||
provider = OpenSsl.isAvailable()? SslProvider.OPENSSL : SslProvider.JDK;
|
provider = defaultServerProvider();
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (provider) {
|
switch (provider) {
|
||||||
@ -256,7 +260,7 @@ public abstract class SslContext {
|
|||||||
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
|
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
|
||||||
case OPENSSL:
|
case OPENSSL:
|
||||||
return new OpenSslServerContext(
|
return new OpenSslServerContext(
|
||||||
keyCertChainFile, keyFile, keyPassword,
|
keyCertChainFile, keyFile, keyPassword, trustManagerFactory,
|
||||||
ciphers, apn, sessionCacheSize, sessionTimeout);
|
ciphers, apn, sessionCacheSize, sessionTimeout);
|
||||||
default:
|
default:
|
||||||
throw new Error(provider.toString());
|
throw new Error(provider.toString());
|
||||||
@ -470,12 +474,8 @@ public abstract class SslContext {
|
|||||||
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
|
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
|
||||||
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
|
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
|
||||||
long sessionCacheSize, long sessionTimeout) throws SSLException {
|
long sessionCacheSize, long sessionTimeout) throws SSLException {
|
||||||
|
|
||||||
if (provider != null && provider != SslProvider.JDK) {
|
|
||||||
throw new SSLException("client context unsupported for: " + provider);
|
|
||||||
}
|
|
||||||
if (provider == null) {
|
if (provider == null) {
|
||||||
provider = SslProvider.JDK;
|
provider = defaultClientProvider();
|
||||||
}
|
}
|
||||||
switch (provider) {
|
switch (provider) {
|
||||||
case JDK:
|
case JDK:
|
||||||
|
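Review bot: A client that passes `provider == null` now gets a TLS engine that depends on whether the native library loads at runtime, and nothing in the visible code records which engine was chosen. This follows from `defaultClientProvider()` returning `defaultProvider()` and from the removal of the `provider != SslProvider.JDK` rejection in the last hunk. That hunk ends at `case JDK:`, so it is not visible whether the client switch gained a `case OPENSSL:` branch. If it did not, an OPENSSL provider would presumably fall through to a `default:` branch instead of the former `SSLException`, which is worth confirming. I would extend the Javadoc of `defaultClientProvider()` with `Callers that depend on one engine's trust-manager or cipher-suite behaviour should pass the provider explicitly.` and consider logging the selected provider once so deployments can tell which engine is in use.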