Consume tcnative options update
Motivation: tcnative has updated how constants are defined and removed some constants which are either obsolete or now set directly in tcnative. Modifications: - update to compile against tcnative changes. Result: Netty compiles with tcnative options changes.
This commit is contained in:
parent
591293bfb4
commit
cd3bf3df58
@ -119,7 +119,6 @@ public final class OpenSsl {
|
||||
long privateKeyBio = 0;
|
||||
long certBio = 0;
|
||||
try {
|
||||
SSLContext.setOptions(sslCtx, SSL.SSL_OP_ALL);
|
||||
SSLContext.setCipherSuite(sslCtx, "ALL");
|
||||
final long ssl = SSL.newSSL(sslCtx, true);
|
||||
try {
|
||||
|
@ -270,22 +270,19 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
|
||||
throw new SSLException("failed to create an SSL_CTX", e);
|
||||
}
|
||||
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_ALL);
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv2);
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv3);
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_ECDH_USE);
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_DH_USE);
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
||||
SSLContext.setOptions(ctx, SSLContext.getOptions(ctx) |
|
||||
SSL.SSL_OP_NO_SSLv2 |
|
||||
SSL.SSL_OP_NO_SSLv3 |
|
||||
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE |
|
||||
|
||||
// We do not support compression at the moment so we should explicitly disable it.
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_NO_COMPRESSION);
|
||||
SSL.SSL_OP_NO_COMPRESSION |
|
||||
|
||||
// Disable ticket support by default to be more inline with SSLEngineImpl of the JDK.
|
||||
// This also let SSLSession.getId() work the same way for the JDK implementation and the OpenSSLEngine.
|
||||
// If tickets are supported SSLSession.getId() will only return an ID on the server-side if it could
|
||||
// make use of tickets.
|
||||
SSLContext.setOptions(ctx, SSL.SSL_OP_NO_TICKET);
|
||||
SSL.SSL_OP_NO_TICKET);
|
||||
|
||||
// We need to enable SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER as the memory address may change between
|
||||
// calling OpenSSLEngine.wrap(...).
|
||||
|
@ -581,8 +581,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
}
|
||||
} else {
|
||||
int sslError = SSL.getError(ssl, bytesWritten);
|
||||
switch (sslError) {
|
||||
case SSL.SSL_ERROR_ZERO_RETURN:
|
||||
if (sslError == SSL.SSL_ERROR_ZERO_RETURN) {
|
||||
// This means the connection was shutdown correctly, close inbound and outbound
|
||||
if (!receivedShutdown) {
|
||||
closeAll();
|
||||
@ -596,14 +595,12 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
}
|
||||
|
||||
return newResult(NOT_HANDSHAKING, bytesConsumed, bytesProduced);
|
||||
|
||||
case SSL.SSL_ERROR_WANT_READ:
|
||||
} else if (sslError == SSL.SSL_ERROR_WANT_READ) {
|
||||
// If there is no pending data to read from BIO we should go back to event loop and try
|
||||
// to read more data [1]. It is also possible that event loop will detect the socket has
|
||||
// been closed. [1] https://www.openssl.org/docs/manmaster/ssl/SSL_write.html
|
||||
return newResult(NEED_UNWRAP, bytesConsumed, bytesProduced);
|
||||
|
||||
case SSL.SSL_ERROR_WANT_WRITE:
|
||||
} else if (sslError == SSL.SSL_ERROR_WANT_WRITE) {
|
||||
// SSL_ERROR_WANT_WRITE typically means that the underlying transport is not writable
|
||||
// and we should set the "want write" flag on the selector and try again when the
|
||||
// underlying transport is writable [1]. However we are not directly writing to the
|
||||
@ -617,8 +614,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
// is undefined and we assume their is a fatal error with the openssl engine and close.
|
||||
// [1] https://www.openssl.org/docs/manmaster/ssl/SSL_write.html
|
||||
return newResult(NEED_WRAP, bytesConsumed, bytesProduced);
|
||||
|
||||
default:
|
||||
} else {
|
||||
// Everything else is considered as error
|
||||
throw shutdownWithError("SSL_write");
|
||||
}
|
||||
@ -844,22 +840,18 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
break;
|
||||
} else {
|
||||
int sslError = SSL.getError(ssl, bytesRead);
|
||||
switch (sslError) {
|
||||
case SSL.SSL_ERROR_WANT_WRITE:
|
||||
case SSL.SSL_ERROR_WANT_READ:
|
||||
if (sslError == SSL.SSL_ERROR_WANT_READ || sslError == SSL.SSL_ERROR_WANT_WRITE) {
|
||||
// break to the outer loop as we want to read more data which means we need to
|
||||
// write more to the BIO.
|
||||
break readLoop;
|
||||
|
||||
case SSL.SSL_ERROR_ZERO_RETURN:
|
||||
} else if (sslError == SSL.SSL_ERROR_ZERO_RETURN) {
|
||||
// This means the connection was shutdown correctly, close inbound and outbound
|
||||
if (!receivedShutdown) {
|
||||
closeAll();
|
||||
}
|
||||
return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status,
|
||||
bytesConsumed, bytesProduced);
|
||||
|
||||
default:
|
||||
} else {
|
||||
return sslReadErrorResult(SSL.getLastErrorNumber(), bytesConsumed,
|
||||
bytesProduced);
|
||||
}
|
||||
@ -1038,27 +1030,14 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
int err = SSL.shutdownSSL(ssl);
|
||||
if (err < 0) {
|
||||
int sslErr = SSL.getError(ssl, err);
|
||||
switch (sslErr) {
|
||||
case SSL.SSL_ERROR_NONE:
|
||||
case SSL.SSL_ERROR_WANT_ACCEPT:
|
||||
case SSL.SSL_ERROR_WANT_CONNECT:
|
||||
case SSL.SSL_ERROR_WANT_WRITE:
|
||||
case SSL.SSL_ERROR_WANT_READ:
|
||||
case SSL.SSL_ERROR_WANT_X509_LOOKUP:
|
||||
case SSL.SSL_ERROR_ZERO_RETURN:
|
||||
// Nothing to do here
|
||||
break;
|
||||
case SSL.SSL_ERROR_SYSCALL:
|
||||
case SSL.SSL_ERROR_SSL:
|
||||
if (sslErr == SSL.SSL_ERROR_SYSCALL || sslErr == SSL.SSL_ERROR_SSL) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("SSL_shutdown failed: OpenSSL error: {}", SSL.getLastError());
|
||||
}
|
||||
// There was an internal error -- shutdown
|
||||
shutdown();
|
||||
break;
|
||||
default:
|
||||
} else {
|
||||
SSL.clearError();
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1214,9 +1193,6 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
}
|
||||
synchronized (this) {
|
||||
if (!isDestroyed()) {
|
||||
// Enable all and then disable what we not want
|
||||
SSL.setOptions(ssl, SSL.SSL_OP_ALL);
|
||||
|
||||
// Clear out options which disable protocols
|
||||
SSL.clearOptions(ssl, SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 |
|
||||
SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2);
|
||||
@ -1290,16 +1266,14 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
int status;
|
||||
if ((status = SSL.renegotiate(ssl)) != 1 || (status = SSL.doHandshake(ssl)) != 1) {
|
||||
int err = SSL.getError(ssl, status);
|
||||
switch (err) {
|
||||
case SSL.SSL_ERROR_WANT_READ:
|
||||
case SSL.SSL_ERROR_WANT_WRITE:
|
||||
if (err == SSL.SSL_ERROR_WANT_READ || err == SSL.SSL_ERROR_WANT_WRITE) {
|
||||
// If the internal SSL buffer is small it is possible that doHandshake may "fail" because
|
||||
// there is not enough room to write, so we should wait until the renegotiation has been.
|
||||
renegotiationPending = true;
|
||||
handshakeState = HandshakeState.STARTED_EXPLICITLY;
|
||||
lastAccessed = System.currentTimeMillis();
|
||||
return;
|
||||
default:
|
||||
} else {
|
||||
throw shutdownWithError("renegotiation failed");
|
||||
}
|
||||
}
|
||||
@ -1383,11 +1357,9 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
}
|
||||
|
||||
int sslError = SSL.getError(ssl, code);
|
||||
switch (sslError) {
|
||||
case SSL.SSL_ERROR_WANT_READ:
|
||||
case SSL.SSL_ERROR_WANT_WRITE:
|
||||
if (sslError == SSL.SSL_ERROR_WANT_READ || sslError == SSL.SSL_ERROR_WANT_WRITE) {
|
||||
return pendingStatus(SSL.bioLengthNonApplication(networkBIO));
|
||||
default:
|
||||
} else {
|
||||
// Everything else is considered as error
|
||||
throw shutdownWithError("SSL_do_handshake");
|
||||
}
|
||||
|
2
pom.xml
2
pom.xml
@ -239,7 +239,7 @@
|
||||
<!-- Fedora-"like" systems. This is currently only used for the netty-tcnative dependency -->
|
||||
<os.detection.classifierWithLikes>fedora</os.detection.classifierWithLikes>
|
||||
<tcnative.artifactId>netty-tcnative</tcnative.artifactId>
|
||||
<tcnative.version>2.0.0.Beta2</tcnative.version>
|
||||
<tcnative.version>2.0.0.Final-SNAPSHOT</tcnative.version>
|
||||
<tcnative.classifier>${os.detected.classifier}</tcnative.classifier>
|
||||
<epoll.classifier>${os.detected.name}-${os.detected.arch}</epoll.classifier>
|
||||
<logging.config>${project.basedir}/../common/src/test/resources/logback-test.xml</logging.config>
|
||||
|
Loading…
Reference in New Issue
Block a user