Re-enable running openssl (shared) tests on CI (#11197)

Motivation:

It turned out we didn't run the openssl tests on the CI when we used the non-static version of netty-tcnative.

Modifications:

- Upgrade netty-tcnative to fix segfault when using shared openssl
- Adjust tests to only run session cache tests when openssl supports it
- Fix some more tests to only depend on KeyManager if the underlying openssl version supports it

Result:

Run all openssl test on the CI even when shared library is used
Norman Maurer 2021-04-27 13:49:06 +02:00
parent 636244c287
commit c919b385e2
11 changed files with 146 additions and 17 deletions


@ -70,8 +70,10 @@ jobs:
# Compile native code and the modules it depend on and run NativeLoadingTest. This is enough to ensure
# we can load the native module on aarch64
#
# Use tcnative.classifier that is empty as we don't support using the shared lib version on ubuntu.
run: |
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-arm64 mvn -pl testsuite-native -am clean package -DskipTests=true -Dcheckstyle.skip=true -DskipNativeTestsuite=false
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-arm64 mvn -pl testsuite-native -am clean package -DskipTests=true -Dcheckstyle.skip=true -DskipNativeTestsuite=false -Dtcnative.classifier=
build-pr:
runs-on: ubuntu-latest


@ -358,6 +358,10 @@ public final class OpenSsl {
}
}
static boolean isSessionCacheSupported() {
return version() >= 0x10100000L;
}
/**
* Returns a self-signed {@link X509Certificate} for {@code netty.io}.
*/
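Review bot: The threshold `0x10100000L` in `isSessionCacheSupported()` is an undocumented magic number, and the method has no Javadoc saying what "supported" means here. In OpenSSL's version-number layout that value is 1.1.0, so a comment such as `// OpenSSL 1.1.0 or later (OPENSSL_VERSION_NUMBER >= 0x10100000L)` would let a reader check the gate without decoding hex. A bare `>=` comparison also holds for any library that reports a larger number (LibreSSL reports `0x20000000L`), so if `version()` can come from such a fork it is worth confirming the session-cache behaviour there or gating on a capability instead. `version()` itself is outside this hunk.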


@ -82,6 +82,10 @@ public class CloseNotifyTest {
public void eventsOrder() throws Exception {
assumeTrue("OpenSSL is not available", provider != SslProvider.OPENSSL || OpenSsl.isAvailable());
if (PROTOCOL_TLS_V1_3.equals(protocol)) {
// Ensure we support TLSv1.3
assumeTrue(SslProvider.isTlsv13Supported(provider));
}
BlockingQueue<Object> clientEventQueue = new LinkedBlockingQueue<Object>();
BlockingQueue<Object> serverEventQueue = new LinkedBlockingQueue<Object>();
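Review bot: The added `assumeTrue(SslProvider.isTlsv13Supported(provider))` carries no message, unlike the OpenSSL availability assumption one line above it, so a skipped TLSv1.3 run shows up in the report without a reason. Consider `assumeTrue("TLSv1.3 is not supported by " + provider, SslProvider.isTlsv13Supported(provider));`. The body of `eventsOrder()` continues past the end of the hunk.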


@ -151,11 +151,40 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
super.testSessionLocalWhenNonMutualWithKeyManager();
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
}
@Override
protected void invalidateSessionsAndAssert(SSLSessionContext context) {
// Not supported by conscrypt
}
@Override
@Test
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
}
@Override
protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
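Review bot: The three session-cache overrides skip through a message-less `assumeTrue(OpenSsl.isSessionCacheSupported())`, so on a runner with an older shared OpenSSL the TLS session-cache tests drop out of the run with no stated reason, which is the same kind of silent coverage gap this commit sets out to close. A message such as `assumeTrue("OpenSSL session cache needs 1.1.0+", OpenSsl.isSessionCacheSupported());` makes the skip visible in reports; the same applies to the identical overrides in the JdkOpenSslEngineInteroptTest, OpenSslConscryptSslEngineInteropTest, OpenSslEngineTest and OpenSslJdkSslEngineInteroptTest hunks. It would also help to have at least one CI job where the assumption is known to hold, so these tests cannot be skipped everywhere unnoticed. Separately, the new `testSessionLocalWhenNonMutualWithoutKeyManager` override has no `@Test` while the session-cache overrides do; the class body continues outside the hunk.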


@ -157,6 +157,35 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
super.testSessionLocalWhenNonMutualWithKeyManager();
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
}
@Override
@Test
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
}
@Override
protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);


@ -143,6 +143,27 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
super.testSessionLocalWhenNonMutualWithKeyManager();
}
@Override
@Test
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
}
@Override
protected void invalidateSessionsAndAssert(SSLSessionContext context) {
// Not supported by conscrypt


@ -1380,6 +1380,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
super.testSessionLocalWhenNonMutualWithKeyManager();
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
}
@Override
protected SslProvider sslClientProvider() {
return SslProvider.OPENSSL;
@ -1421,14 +1429,29 @@ public class OpenSslEngineTest extends SSLEngineTest {
return context;
}
@Test
@Override
@Test
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
assertSessionContext(clientSslCtx);
assertSessionContext(serverSslCtx);
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
}
private static void assertSessionContext(SslContext context) {
if (context == null) {
return;


@ -142,6 +142,35 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
super.testSessionLocalWhenNonMutualWithKeyManager();
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
}
@Override
@Test
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
}
@Override
protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);


@ -536,6 +536,7 @@ public abstract class SSLEngineTest {
@Test(expected = SSLHandshakeException.class)
public void testIncompatibleCiphers() throws Exception {
assumeTrue(SslProvider.isTlsv13Supported(sslClientProvider()));
assumeTrue(SslProvider.isTlsv13Supported(sslServerProvider()));
SelfSignedCertificate ssc = new SelfSignedCertificate();
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail

View File

@ -102,6 +102,7 @@ public class SslContextBuilderTest {
@Test
public void testContextFromManagersOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable());
Assume.assumeTrue(OpenSsl.supportsKeyManagerFactory());
testContextFromManagers(SslProvider.OPENSSL);
}

16
pom.xml

@ -68,20 +68,6 @@
</developers>
<profiles>
<profile>
<id>not_x86_64</id>
<activation>
<os>
<arch>!x86_64</arch>
</os>
</activation>
<properties>
<!-- Use no classifier as we only support x86_64 atm-->
<tcnative.classifier />
<skipShadingTestsuite>true</skipShadingTestsuite>
</properties>
</profile>
<!-- Detect if we use GraalVM and if so enable the native image testsuite -->
<profile>
<id>graal</id>
@ -333,7 +319,7 @@
<!-- keep in sync with PlatformDependent#ALLOWED_LINUX_OS_CLASSIFIERS -->
<os.detection.classifierWithLikes>fedora,suse,arch</os.detection.classifierWithLikes>
<tcnative.artifactId>netty-tcnative</tcnative.artifactId>
<tcnative.version>2.0.38.Final</tcnative.version>
<tcnative.version>2.0.39.Final</tcnative.version>
<tcnative.classifier>${os.detected.classifier}</tcnative.classifier>
<conscrypt.groupId>org.conscrypt</conscrypt.groupId>
<conscrypt.artifactId>conscrypt-openjdk-uber</conscrypt.artifactId>
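Review bot: As far as the hunk counts show, the first hunk drops the whole `not_x86_64` profile, which removes two defaults rather than one: the empty `tcnative.classifier` and `skipShadingTestsuite=true`. The aarch64 CI job now passes `-Dtcnative.classifier=` explicitly, but nothing visible here replaces `skipShadingTestsuite`, and a local build on a non-x86_64 machine will resolve netty-tcnative with `${os.detected.classifier}`. If no artifact is published for that classifier, the build fails at dependency resolution. Either keep a narrower profile or document the override next to the property, e.g. `<!-- On platforms without a published classifier, build with -Dtcnative.classifier= -->`.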