Commit Graph

23 Commits

Author SHA1 Message Date
Trustin Lee
cb4020d4be Provide convenient universal API to enable SSL/TLS
Motivation:

Although 4cff4b99fd introduced
OpenSslEngine and its helper classes, a user has to write two different
copies of SSL initialization code that does pretty much same job,
because the initialization procedure between JDK SSLEngine and
OpenSslEngine are different.

Modifications:

- Replace OpenSslContextBuilder with SslContext which provides the
  unified API for creating an SSL context
  - SslContext allows you to create a new SSLEngine or a new SslHandler
    with your PKCS#8 key and X.509 certificate chain.
- Merge OpenSslBufferPool into SslBufferPool
  - Add an option to preallocate the pool
  - Add an option to allocate direct buffers
  - When OpenSSL is in use, preallocate direct buffers, which is close
    to what OpenSslBufferPool does.
- Add JdkSslContext which is a simple wrapper of JDK's SSLContext
  - The specified PKCS#8 key and X.509 certificate chain are converted
    to JDK KeyStore in instantiation time.
  - Like OpenSslServerContext, it uses sensible default cipher suites now.
- A user does not specify certPath and caPath separately anymore. He or
  she has to merge them into a single file.  I find this more logical
  because previously ca file's first entry and cert file were always same.
- Clean up SSL tests to demonstrate the advantage of this change
  - AbstractSocketSsl*Test now uses SslContext.new*Context() to
    configure both the client and the server side.  We did this only for
    the server side previously and had to use different certificates for
    JDK SSLEngine and OpenSslEngine, but not anymore.
- Add ApplicationProtocolSelector to ensure the future support for NPN
  (NextProtoNego) and ALPN (Application Layer Protocol Negotiation) on
  the client-side.
- Add SimpleTrustManagerFactory to help a user write a
  TrustManagerFactory easily, which should be useful for those who need
  to write an alternative verification mechanism. For example, we can
  use it to implement an unsafe TrustManagerFactory that accepts
  self-signed certificates for testing purposes.
- Add InsecureTrustManagerFactory and FingerprintTrustManager for quick
  and dirty testing
- Add SelfSignedCertificate class which generates a self-signed X.509
  certificate very easily.
- Update all our examples to use SslContext.newClient/ServerContext()
- Found that OpenSslEngine performs unnecessary memory copy - optimized
  it.
- SslHandler now logs the chosen cipher suite when handshake is
  finished.

Result:

- Cleaner unified API for configuring an SSL client and an SSL server
  regardless of its internal implementation.
- When native libraries are available, OpenSSL-based SSLEngine
  implementation is selected automatically to take advantage of its
  performance benefit.
- Examples take advantage of this modification and thus are cleaner.
2014-05-17 19:40:48 +09:00
Trustin Lee
f91ebb14b2 More license updates 2011-12-09 14:31:04 +09:00
Vibul Imtarnasan
d597ad74de Merge pull request #109 from veebs/WebSocketFor3.2
WebSocket for 3.2
2011-12-08 21:24:54 -08:00
vibul
962438c8b0 Update notices for WebSocket support. 2011-12-09 16:15:41 +11:00
Trustin Lee
f9b879e73f http://jboss.org/netty/ to http://netty.io/ 2011-12-09 12:47:26 +09:00
Trustin Lee
d9dba0d754 Fixed wrong license file name 2010-10-24 18:17:54 +00:00
Trustin Lee
14d27eb7c9 Removed the unused dependencies from NOTICE.txt 2010-05-07 01:02:29 +00:00
Trustin Lee
eeb98c5f97 * Forked JZlib to support GZIP format
* Added CompressionException to hide ZStreamException
* Better javadoc on compression level
* Better compression level validation
2009-10-21 06:07:26 +00:00
Trustin Lee
a7132ee08e Relates issue: NETTY-80 Compression codec
* Initial implementation of jzlib based zlib compression handler
2009-10-16 06:10:25 +00:00
Trustin Lee
2fa19ff845 * Updated NOTICE.txt (file -> product)
* Relicensing the benchmark program under ALv2
2009-08-28 07:45:45 +00:00
Trustin Lee
829afeb993 file -> product 2009-08-28 07:40:28 +00:00
Trustin Lee
b11ef6ca9b Relicensed to Apache License v2 2009-08-28 07:15:49 +00:00
Trustin Lee
e424c5f87d * Added XNIO dependency (optional)
* Updated license files for XNIO
2009-02-17 10:22:53 +00:00
Trustin Lee
7860e999a7 Updated license information (NETTY-106 Add missing license files to the distribution) 2009-02-13 13:58:37 +00:00
Trustin Lee
026fc520bb * Moved all third party license filed into the 'license' directory
* Beautified NOTICE.txt
2008-12-30 02:41:09 +00:00
Trustin Lee
2e6b091ce9 Updated license information 2008-12-30 02:23:25 +00:00
Trustin Lee
b368d09785 Typo 2008-12-17 10:21:00 +00:00
Trustin Lee
c42494b252 Updated the license information 2008-12-17 10:06:55 +00:00
Trustin Lee
aab28d36d9 * Added ConcurrentReferenceHashMap (will be used to implement NETTY-85 Global Channel registry)
* Updated copyright notice
2008-11-29 15:42:03 +00:00
Trustin Lee
731ab2a0eb Updated copyright information 2008-10-01 04:55:10 +00:00
Trustin Lee
5e767254ea Tabs to spaces 2008-09-05 06:38:38 +00:00
Trustin Lee
f812cde87f Updated NOTICE.txt and added COPYRIGHT.txt following the JBoss.org guideline 2008-08-08 00:52:35 +00:00
Trustin Lee
aef2ab453a Initial import. Needs to:
* rename packages
* update license information
2008-08-08 00:37:18 +00:00