Remove usage of io.netty.handler.ssl.openssl.useKeyManagerFactory system property
Motivation: Usafe of io.netty.handler.ssl.openssl.useKeyManagerFactory system property was deprecated in 4.1 so let us remove it. Modifications: Remove io.netty.handler.ssl.openssl.useKeyManagerFactory usage. Result: Remove support of deprecated system property
This commit is contained in:
parent
e4ef8f6ff3
commit
bbb397ac5c
@ -33,8 +33,6 @@ import io.netty.util.internal.logging.InternalLogger;
|
||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
@ -59,7 +57,6 @@ public final class OpenSsl {
|
||||
private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
|
||||
private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
|
||||
private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
|
||||
private static final boolean USE_KEYMANAGER_FACTORY;
|
||||
private static final boolean SUPPORTS_OCSP;
|
||||
private static final boolean TLSV13_SUPPORTED;
|
||||
private static final boolean IS_BORINGSSL;
|
||||
@ -245,13 +242,6 @@ public final class OpenSsl {
|
||||
|
||||
SSL.setKeyMaterial(ssl, cert, key);
|
||||
supportsKeyManagerFactory = true;
|
||||
try {
|
||||
useKeyManagerFactory = AccessController.doPrivileged((PrivilegedAction<Boolean>) () ->
|
||||
SystemPropertyUtil.getBoolean(
|
||||
"io.netty.handler.ssl.openssl.useKeyManagerFactory", true));
|
||||
} catch (Throwable ignore) {
|
||||
logger.debug("Failed to get useKeyManagerFactory system property.");
|
||||
}
|
||||
} catch (Throwable ignore) {
|
||||
logger.debug("KeyManagerFactory not supported.");
|
||||
} finally {
|
||||
@ -307,7 +297,6 @@ public final class OpenSsl {
|
||||
|
||||
AVAILABLE_CIPHER_SUITES = availableCipherSuites;
|
||||
SUPPORTS_KEYMANAGER_FACTORY = supportsKeyManagerFactory;
|
||||
USE_KEYMANAGER_FACTORY = useKeyManagerFactory;
|
||||
|
||||
Set<String> protocols = new LinkedHashSet<>(6);
|
||||
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
|
||||
@ -349,7 +338,6 @@ public final class OpenSsl {
|
||||
AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
|
||||
AVAILABLE_CIPHER_SUITES = Collections.emptySet();
|
||||
SUPPORTS_KEYMANAGER_FACTORY = false;
|
||||
USE_KEYMANAGER_FACTORY = false;
|
||||
SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
|
||||
SUPPORTS_OCSP = false;
|
||||
TLSV13_SUPPORTED = false;
|
||||
@ -519,10 +507,6 @@ public final class OpenSsl {
|
||||
return isAvailable();
|
||||
}
|
||||
|
||||
static boolean useKeyManagerFactory() {
|
||||
return USE_KEYMANAGER_FACTORY;
|
||||
}
|
||||
|
||||
static long memoryAddress(ByteBuf buf) {
|
||||
assert buf.isDirect();
|
||||
return buf.hasMemoryAddress() ? buf.memoryAddress() : Buffer.address(buf.nioBuffer());
|
||||
|
@ -96,7 +96,7 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
|
||||
OpenSslKeyMaterialProvider keyMaterialProvider = null;
|
||||
try {
|
||||
try {
|
||||
if (!OpenSsl.useKeyManagerFactory()) {
|
||||
if (!OpenSsl.supportsKeyManagerFactory()) {
|
||||
if (keyManagerFactory != null) {
|
||||
throw new IllegalArgumentException(
|
||||
"KeyManagerFactory not supported");
|
||||
|
@ -98,7 +98,7 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
|
||||
try {
|
||||
try {
|
||||
SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
|
||||
if (!OpenSsl.useKeyManagerFactory()) {
|
||||
if (!OpenSsl.supportsKeyManagerFactory()) {
|
||||
if (keyManagerFactory != null) {
|
||||
throw new IllegalArgumentException(
|
||||
"KeyManagerFactory not supported");
|
||||
|
@ -22,6 +22,6 @@ final class OpenSslTestUtils {
|
||||
}
|
||||
|
||||
static void checkShouldUseKeyManagerFactory() {
|
||||
assumeTrue(OpenSsl.supportsKeyManagerFactory() && OpenSsl.useKeyManagerFactory());
|
||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||
}
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ public class PemEncodedTest {
|
||||
|
||||
private static void testPemEncoded(SslProvider provider) throws Exception {
|
||||
assumeTrue(OpenSsl.isAvailable());
|
||||
assumeFalse(OpenSsl.useKeyManagerFactory());
|
||||
assumeFalse(OpenSsl.supportsKeyManagerFactory());
|
||||
PemPrivateKey pemKey;
|
||||
PemX509Certificate pemCert;
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
|
@ -100,7 +100,7 @@ public class SniClientTest {
|
||||
Channel cc = null;
|
||||
try {
|
||||
if ((sslServerProvider == SslProvider.OPENSSL || sslServerProvider == SslProvider.OPENSSL_REFCNT)
|
||||
&& !OpenSsl.useKeyManagerFactory()) {
|
||||
&& !OpenSsl.supportsKeyManagerFactory()) {
|
||||
sslServerContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
|
||||
.sslProvider(sslServerProvider)
|
||||
.build();
|
||||
|
Loading…
Reference in New Issue
Block a user