Commit Graph

539 Commits

Author SHA1 Message Date
nmittler
2ca6a70211 Upgrading Jetty alpn-api version
Motivation:

Discussion is in https://github.com/jetty-project/jetty-alpn/issues/8. The new API allows protocol negotiation to properly throw SSLHandshakeException.

Modifications:

Updated the parent pom.xml with the new version.

Result:

Upgraded alpn-api now allows throwing SSLHandshakeException.
2015-05-22 13:15:21 -07:00
Norman Maurer
b02f52a680 [#3784] Support hostname verification when using OpenSSLEngine
Motivation:

At the moment hostname verification is not supported with OpenSSLEngine.

Modifications:

- Allow to create OpenSslEngine with peerHost and peerPort informations.
- Respect endPointIdentificationAlgorithm and algorithmConstraints when set and get SSLParamaters.

Result:

hostname verification is supported now.
2015-05-18 08:01:38 +02:00
Norman Maurer
d1c46ca987 [maven-release-plugin] prepare for next development iteration 2015-05-07 11:33:47 -04:00
Norman Maurer
005d4a42fc [maven-release-plugin] prepare release netty-4.0.28.Final 2015-05-07 11:33:09 -04:00
Norman Maurer
0f4d3a981e Revert "[maven-release-plugin] prepare for next development iteration"
This reverts commit 3c10ffab5e.
2015-05-07 11:02:03 -04:00
Norman Maurer
3c10ffab5e [maven-release-plugin] prepare for next development iteration 2015-05-07 09:09:23 -04:00
Norman Maurer
4581c441c9 Allow rejection of remote initiated renegotiation
Motivation:

To prevent from DOS attacks it can be useful to disable remote initiated renegotiation.

Modifications:

Add new flag to OpenSslContext that can be used to disable it
Adding a testcase

Result:

Remote initiated renegotion requests can be disabled now.
2015-05-07 14:41:00 +02:00
Trustin Lee
7b457a48f7 Add more profiles for newer JDK versions
Modifications:

- Add jetty.npn.version.latest and jetty.alpn.version.latest7/8
- Add npn-alpn-7 profile
- Use the *.latest7/8 version properties in alpn-8 and npn-alpn-7
- Add more profiles for newer JDK versions
- Reorder profiles
2015-05-04 14:33:56 +09:00
Norman Maurer
b50f2d5294 [#3218] Add ChannelPool / ChannelPoolMap abstraction and implementations
Motivation:

Many projects need some kind a Channel/Connection pool implementation. While the protocols are different many things can be shared, so we should provide a generic API and implementation.

Modifications:

Add ChannelPool / ChannelPoolMap API and implementations.

Result:

Reusable / Generic pool implementation that users can use.
2015-04-30 12:04:19 +02:00
Norman Maurer
97a3308c7e Add support for ALPN when using openssl + NPN client mode and support for CipherSuiteFilter
Motivation:

To support HTTP2 we need APLN support. This was not provided before when using OpenSslEngine, so SSLEngine (JDK one) was the only bet.
Beside this CipherSuiteFilter was not supported

Modifications:

- Upgrade netty-tcnative and make use of new features to support ALPN and NPN in server and client mode.
- Guard against segfaults after the ssl pointer is freed
- support correctly different failure behaviours
- add support for CipherSuiteFilter

Result:

Be able to use OpenSslEngine for ALPN / NPN for server and client.
2015-04-10 18:59:58 +02:00
Norman Maurer
f2fedbcdef [maven-release-plugin] prepare for next development iteration 2015-03-31 22:06:30 -04:00
Norman Maurer
054e7c5d17 [maven-release-plugin] prepare release netty-4.0.27.Final 2015-03-31 22:05:43 -04:00
Norman Maurer
0c6ba4aab6 Add supported for X509ExtendedTrustManager when using OpenSslEngine
Motivation:

For some use cases X509ExtendedTrustManager is needed as it allows to also access the SslEngine during validation.

Modifications:

Add support for X509ExtendedTrustManager on java >= 7

Result:

It's now possible to use X509ExtendedTrustManager with OpenSslEngine
2015-03-30 09:05:09 +02:00
Trustin Lee
0222f41233 Enforce a release is made with JDK 1.7 (and not w/ 1.8+)
Motivations:

JDK 1.8 adds default methods to collections classes that reference
classes that don't exist in JDK 7. That's binary compatible,
but not source compatible.

Modifications:

Enforce JDK version to be 1.7.* when releasing

Result:

Fixes #3548
2015-03-29 16:58:50 +09:00
Scott Mitchell
d43c21dab0 Jetty ALNPN and NPN updates plus backport
Motivation:
There are new versions of the ALPN and NPN dependencies.  There was also some backport misses in the pom file related to ALPN/NPN.

Modifications:
- Add new versions for ALPN/NPN dependencies.
- Backport missed pieces from pom.xml.

Result:
Updated version of ALPN/NPN versions.
2015-03-25 08:55:13 -07:00
Idel Pivnitskiy
abcb2b3661 Update jUnit version to 4.12
Motivation:

Too many new features in the new release of jUnit.
https://github.com/junit-team/junit/blob/master/doc/ReleaseNotes4.12.md

Modifications:

- Changed version of jUnit from 4.11 to 4.12 in the parent pom.

Result:

Allows using new testing features.
2015-03-17 16:17:59 +01:00
Norman Maurer
37264bb72b [maven-release-plugin] prepare for next development iteration 2015-03-02 01:31:30 -05:00
Norman Maurer
0dbc96cffd [maven-release-plugin] prepare release netty-4.0.26.Final 2015-03-02 01:30:58 -05:00
Norman Maurer
e99d89c04d [maven-release-plugin] rollback the release of netty-4.0.26.Final 2015-02-28 21:28:06 +01:00
Norman Maurer
b86e2e6ac0 [maven-release-plugin] prepare release netty-4.0.26.Final 2015-02-28 13:55:01 -05:00
Robert Varga
2aad79fcca Add a pax-exam based OSGi test suite
Motivation:

Release 4.0.25 was not usable in OSGi environments due to a simple typo.
An automated test could have caught the problem even before it was
committed.

Modifications:

This patch introduces a new artifact, osgitests, which pulls in all
production artifacts (which we want to be checked for OSGi compliance).
It contains only a single unit test, which runs a pax-exam container
with felix OSGi.

At initialization time, it scans all the artifact's dependencies,
looking for things belonging to io.netty group. The container is
configured to deploy those artifacts as bundles and fail if any bundle
is found to be unresolved. It performs a final check to see if any
bundles were tested this way, to make sure the mechanism is not
completely broken.

We are using wrappedBundle(), as two of our third-party dependencies do
not export packages correctly -- this masks the problem, assuming that
whoever deploys our artifacts depending on them will figure out how to
OSGify them.

Result:

Simple typos and other bundle manifest errors should be caught during
test phase of every build.
2015-02-18 15:56:27 +01:00
Fabian Lange
489f2e1d75 Fixed broken optional OSGi Import-Package header (#3424). 2015-02-13 20:44:06 +01:00
Ngoc Dao
8ea993d1ac Fix #3331 Update Javassist from 3.18.0-GA to 3.19.0-GA 2015-02-07 12:24:40 +09:00
Trustin Lee
c0cda20b1e Fix broken OSGi version range for NPN and ALPN dependency
Related: #3302
2015-01-03 11:51:12 +09:00
Trustin Lee
0e61aeb849 [maven-release-plugin] prepare for next development iteration 2014-12-31 20:58:44 +09:00
Trustin Lee
087db82e78 [maven-release-plugin] prepare release netty-4.0.25.Final 2014-12-31 20:58:33 +09:00
Trustin Lee
5f4a68480e Require RHEL 6.6 to release
Motivation:

The latest stable RHEL version of 6.x is now 6.6.

Modification:

Update pom.xml's validation configuration

Result:

Can release on the latest stable RHEL version in 6.x
2014-12-31 20:40:02 +09:00
Trustin Lee
e03bbc340e Upgrade to netty-tcnative-1.1.32.Fork1 2014-12-28 19:11:18 +09:00
Norman Maurer
60f24ac2a1 Add OpenSslClientContext to allow creating SslEngine for client side
Motivation:

We only support openssl for server side at the moment but it would be also useful for client side.

Modification:

* Upgrade to new netty-tcnative snapshot to support client side openssl support
* Add OpenSslClientContext which can be used to create SslEngine for client side usage
* Factor out common logic between OpenSslClientContext and OpenSslServerContent into new abstract base class called OpenSslContext
* Correctly detect handshake failures as soon as possible
* Guard against segfault caused by multiple calls to destroyPools(). This can happen if OpenSslContext throws an exception in the constructor and the finalize() method is called later during GC

Result:

openssl can be used for client and servers now.
2014-12-22 19:37:48 +01:00
Scott Mitchell
5ff0b1253c Parent pom inconsistent between baselines
Motivation:
ALPN version updates revealed an inconsistency visible by defaulting to npn when alpn was expected.

Modifications:
Default to ALPN.

Result:
Build and unit tests should pass.
2014-12-16 19:27:51 -05:00
Scott Mitchell
2c0a85c6ec Java ALPN provider version update
Motivation:

There was a bug in the Java ALPN library we are using.  A new version was released to fix this bug and we should update our pom.xml to use the new version.

Modifications:

Update pom.xml to use new ALPN library.

Result:

Newer versions of JDK (1.7_u71, 1.7_u72, 1.8_u25) have the bug fixed.
2014-12-16 16:27:47 -05:00
Trustin Lee
80f788cea2 Fix build errors due to missing dependency 2014-12-14 21:30:57 +09:00
Trustin Lee
c718657cf2 Compress the heap dump generated by TestUtils.dump()
Motivation:

It takes too long to download the heap dump from the CI server.

Modifications:

Compress the heap dump as much as possible.

Result:

When heap dump is generated by certain test failure, the generated heap
dump file is about 3 times smaller than before, although the compression
time will increase the build time when the test fails.
2014-12-14 12:03:11 +09:00
Trustin Lee
7d8873a490 Fix dependency issues with hamcrest
Motivation:

We use 3 (!) libraries to build mock objects - easymock, mockito, jmock.
Mockito and jMock pulls in the different versions of Hamcrest, and it
conflicts with the version pulled by jUnit.

Modifications:

- Replace mockito-all with mockito-core to avoid pulling in outdated
  jUnit and Hamcrest
- Exclude junit-dep when pulling in jmock-junit4, because it pulls an
  outdated Hamcrest version
- Pull in the hamcrest-library version used by jUnit explicitly

Result:

No more dependency hell that results in NoSuchMethodError during the
tests
2014-12-04 18:00:02 +09:00
Trustin Lee
49998bc9c0 Fix build errors introduced during backporting SslContext 2014-10-31 14:25:14 +09:00
Scott Mitchell
56b8bb30b2 Backport ALPN and Mutual Auth SSL
Motivation:

Improvements were made on the main line to support ALPN and mutual
authentication for TLS. These should be backported.

Modifications:

- Backport commits from the master branch
  - f8af84d599
  - e74c8edba3

Result:

Support for ALPN and mutual authentication.
2014-10-31 14:15:12 +09:00
Norman Maurer
1914b77c71 [maven-release-plugin] prepare for next development iteration 2014-10-29 11:48:40 +01:00
Norman Maurer
c170e7df3f [maven-release-plugin] prepare release netty-4.0.24.Final 2014-10-29 11:47:19 +01:00
Trustin Lee
7710e7da44 [maven-release-plugin] prepare for next development iteration 2014-08-16 03:02:02 +09:00
Trustin Lee
208198c0cb [maven-release-plugin] prepare release netty-4.0.23.Final 2014-08-16 03:01:57 +09:00
Trustin Lee
a2d508711d [maven-release-plugin] prepare for next development iteration 2014-08-14 09:41:33 +09:00
Trustin Lee
3051db9d59 [maven-release-plugin] prepare release netty-4.0.22.Final 2014-08-14 09:41:28 +09:00
Trustin Lee
2db06f27e9 Reduce the execution time of maven-antrun-plugin
Related issue: #2508

Motivation:

The '<exec/>' task takes unnecessarily long time due to a known issue:

- https://issues.apache.org/bugzilla/show_bug.cgi?id=54128

Modifications:

- Reduce the number of '<exec/>' tasks for faster build
- Use '<propertyregex/>' to extract the output

Result:

Slightly faster build
2014-08-13 15:41:42 -07:00
Trustin Lee
d0bc3be79c Add missing m2eclipse life cycle mapping
Also, use ignore instead of execution because those plugins are not
really useful when building from Eclipse anyway.
2014-07-06 16:53:53 +09:00
Trustin Lee
0a8ff3b52d Fix most inspector warnings
Motivation:

It's good to minimize potentially broken windows.

Modifications:

Fix most inspector warnings from our profile
Update IntObjectHashMap

Result:

Cleaner code
2014-07-02 20:21:30 +09:00
Norman Maurer
e8f4def2a3 [maven-release-plugin] prepare for next development iteration 2014-06-30 14:31:08 +02:00
Norman Maurer
25e3c8ce3d [maven-release-plugin] prepare release netty-4.0.21.Final 2014-06-30 14:29:15 +02:00
Trustin Lee
ff5b15acbd Upgrade JACOCO to the latest version
.. to fix the build errors triggered by the old JACOCO release
2014-06-27 17:23:03 +09:00
Trustin Lee
4f82b6e393 Enable verbose:gc only when 'leak' profile is disabled
The leak profile generates a lot of garbage which makes the verbose:gc
output too large.
2014-06-27 17:10:45 +09:00
Phil.Baxter
101b9ded33 export sun security packages as optional 2014-06-15 20:59:55 +02:00