From bbe2e4d224f839fbe9203bafc16eadf278d76cec Mon Sep 17 00:00:00 2001
From: Norman Maurer
Date: Sat, 18 Aug 2018 06:26:45 +0200
Subject: [PATCH] We should try to load netty-tcnative before using it in OpenSslCertificateException. (#8202)

Motivation:
In OpenSslCertificateException we should ensure we try to load netty-tcnative before trying to use any class from it as otherwise it may throw an error due missing linking of the native libs.
Modifications:
- Ensure we call OpenSsl.isAvailable() before we try to use netty-tcnative for validation
- Add testcase.
Result:
No more errors causing by not loading native libs before trying to use these.
---
 .../handler/ssl/OpenSslCertificateException.java | 4 +++-
 .../ssl/OpenSslCertificateExceptionTest.java | 14 ++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
index 4672d00787..f20b2d3ba0 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
@@ -70,7 +70,9 @@ public final class OpenSslCertificateException extends CertificateException {
 }
 private static int checkErrorCode(int errorCode) {
- if (!CertificateVerifier.isValid(errorCode)) {
+ // Call OpenSsl.isAvailable() to ensure we try to load the native lib as CertificateVerifier.isValid(...)
+ // will depend on it. If loading fails we will just skip the validation.
+ if (OpenSsl.isAvailable() && !CertificateVerifier.isValid(errorCode)) {
 throw new IllegalArgumentException("errorCode '" + errorCode + "' invalid, see https://www.openssl.org/docs/man1.0.2/apps/verify.html.");
 }
diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
index 229e853cd2..c9e8163fa6 100644
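Review bot: When `OpenSsl.isAvailable()` is false the new condition in `checkErrorCode` short-circuits and any `int` is accepted, so the exception can carry a code that was never checked against the OpenSSL verify result codes. Whether the constructor rejects an invalid code then depends on whether the native library loaded, and a caller cannot tell which case applied. I would say so in the added comment, e.g. `// If netty-tcnative cannot be loaded the code is stored unvalidated; consumers must not assume it is a known X509_V_ERR_* value.`, and repeat it in the constructor Javadoc if that documents the IllegalArgumentException (not visible here). The body of `checkErrorCode` continues past the end of the hunk.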
--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
@@ -18,20 +18,15 @@ package io.netty.handler.ssl;
 import io.netty.internal.tcnative.CertificateVerifier;
 import org.junit.Assert;
 import org.junit.Assume;
-import org.junit.BeforeClass;
 import org.junit.Test;
 import java.lang.reflect.Field;
 public class OpenSslCertificateExceptionTest {
- @BeforeClass
- public static void assumeOpenSsl() {
- Assume.assumeTrue(OpenSsl.isAvailable());
- }
-
 @Test
 public void testValidErrorCode() throws Exception {
+ Assume.assumeTrue(OpenSsl.isAvailable());
 Field[] fields = CertificateVerifier.class.getFields();
 for (Field field : fields) {
 if (field.isAccessible()) {
@@ -44,6 +39,13 @@ public class OpenSslCertificateExceptionTest {
 @Test(expected = IllegalArgumentException.class)
 public void testNonValidErrorCode() {
+ Assume.assumeTrue(OpenSsl.isAvailable());
 new OpenSslCertificateException(Integer.MIN_VALUE);
 }
+
+ @Test
+ public void testCanBeInstancedWhenOpenSslIsNotAvailable() {
+ Assume.assumeFalse(OpenSsl.isAvailable());
+ new OpenSslCertificateException(0);
+ }
 }
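Review bot: `testValidErrorCode` very likely exercises nothing, because `Field.isAccessible()` only reports the flag set through `setAccessible`, which is false by default even for the public fields returned by `getFields()`. The `if (field.isAccessible())` body is therefore probably never entered, and the positive path of the validation that this patch now gates is left uncovered. A modifier check such as `if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers())) {` would select the constants the loop appears to be after. The loop body lies outside the hunk, so confirm what it does with each field before changing the guard.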
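Review bot: `testCanBeInstancedWhenOpenSslIsNotAvailable` does not pin the behaviour the patch introduces: it passes `0`, which would presumably pass validation anyway, and it asserts nothing about the resulting object. It is also skipped by `Assume.assumeFalse(OpenSsl.isAvailable())` on every build where netty-tcnative loads, so the skip-validation branch only runs on hosts without the native library. Using the value the sibling test treats as invalid and checking what is stored would make the relaxed contract explicit, e.g. `Assert.assertEquals(Integer.MIN_VALUE, new OpenSslCertificateException(Integer.MIN_VALUE).errorCode());`.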