Log deprecation info message when using 'io.netty.handler.ssl.openssl.useKeyManagerFactory' and ignore it when using BoringSSL (#9162)
Motivation: When we added support for KeyManagerFactory we also allowed to disable it to make the change less risky. This was done years ago and so there is really no need to use the property anyway. Unfortunally due a change in netty-tcnative it is even not supported anymore when using BoringSSL. Modifications: - Log an info message to tell users that 'io.netty.handler.ssl.openssl.useKeyManagerFactory' is deprecated when it is used - Ignore 'io.netty.handler.ssl.openssl.useKeyManagerFactory' when BoringSSL is used. Result: Fixes https://github.com/netty/netty/issues/9147.
This commit is contained in:
parent
2dc686ded1
commit
af98b62150
@ -246,13 +246,24 @@ public final class OpenSsl {
|
||||
SSL.setKeyMaterial(ssl, cert, key);
|
||||
supportsKeyManagerFactory = true;
|
||||
try {
|
||||
useKeyManagerFactory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
|
||||
@Override
|
||||
public Boolean run() {
|
||||
return SystemPropertyUtil.getBoolean(
|
||||
boolean propertySet = SystemPropertyUtil.contains(
|
||||
"io.netty.handler.ssl.openssl.useKeyManagerFactory");
|
||||
if (!IS_BORINGSSL) {
|
||||
useKeyManagerFactory = SystemPropertyUtil.getBoolean(
|
||||
"io.netty.handler.ssl.openssl.useKeyManagerFactory", true);
|
||||
|
||||
if (propertySet) {
|
||||
logger.info("System property " +
|
||||
"'io.netty.handler.ssl.openssl.useKeyManagerFactory'" +
|
||||
" is deprecated and so will be ignored in the future");
|
||||
}
|
||||
} else {
|
||||
if (propertySet) {
|
||||
logger.info("System property " +
|
||||
"'io.netty.handler.ssl.openssl.useKeyManagerFactory'" +
|
||||
" is deprecated and will be ignored when using BoringSSL");
|
||||
}
|
||||
}
|
||||
});
|
||||
} catch (Throwable ignore) {
|
||||
logger.debug("Failed to get useKeyManagerFactory system property.");
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user