Commit Graph

787 Commits

Author SHA1 Message Date
Norman Maurer
7667361924
Update to netty-tcnative 2.0.20.Final (#8561)
Motivation:

Update to netty-tcnative 2.0.20.Final which fixed a bug related to retrieving the remote signature algorithms when using BoringSSL.

Modifications:

Update netty-tcnative

Result:

Be able to correctly detect the remote signature algorithms when using BoringSSL.
2018-11-15 18:05:15 +01:00
Norman Maurer
fd57d971d1
Override and so delegate all methods in OpenSslX509Certificate (#8472)
Motivation:

We did not override all methods in OpenSslX509Certificate and delegate to the internal 509Certificate.

Modifications:

Add missing overrides.

Result:

More correct implementation
2018-11-07 12:16:04 +01:00
sullis
359390d04c Update to maven-surefire-plugin 2.22.1 (#8418)
Motivation:

latest version of plugin should be used.

See https://blogs.apache.org/maven/entry/apache-maven-surefire-plugin-version1

Modification:

Update plugin version in pom.xml

Result:

n/a
2018-11-02 08:09:54 +01:00
sullis
f5bfab374e Maven compiler plugin 3.8.0 (#8417)
Motivation:

latest version of the plugin

Modification:

Bump up version in pom.xml

Result:

Use latest plugin
2018-10-30 14:19:27 +01:00
root
3e7ddb36c7 [maven-release-plugin] prepare for next development iteration 2018-10-29 15:38:51 +00:00
root
9e50739601 [maven-release-plugin] prepare release netty-4.1.31.Final 2018-10-29 15:37:47 +00:00
Norman Maurer
b6522927d7
Add profile to easily run testsuite against netty-tcnative-boringssl-static (#8436)
Motivation:

We should provide an easy way to run our testsuite against netty-tcnative-boringssl-static

Modifications:

- Add boringssl profile which can be used to enable usage of netty-tcnative-boringssl-static
- Make use of the profile in docker-compose

Result:

Cleaner and easier way of running testsuite against netty-tcnative-boringssl-static
2018-10-28 10:27:34 +01:00
Norman Maurer
ce39773e04
Add support for boringssl and TLSv1.3 (#8412)
Motivation:

0ddc62cec0 added support for TLSv1.3 when using openssl 1.1.1. Now that BoringSSL chromium-stable branch supports it as well we can also support it with netty-tcnative-boringssl-static.
During this some unit tests failed with BoringSSL which was caused by not correctly handling flush() while the handshake is still in progress.

Modification:

- Upgrade netty-tcnative version which also supports TLSv1.3 when using BoringSSL
- Correctly handle flush() when done while the handshake is still in progress in all cases.

Result:

Easier for people to enable TLSv1.3 when using native SSL impl.
Ensure flush() while handshake is in progress will always be honored.
2018-10-26 15:29:49 -07:00
Norman Maurer
a93ff3a0e4
Upgrade commons-compress to 2.0.18 (#8416)
Motivation:

Commons-compress < 2.0.18 has a security flaw so we should upgrade (even if we only use it in tests anyway).

Modifications:

Update to 2.0.18

Result:

Use latest version.
2018-10-20 22:03:27 +02:00
Norman Maurer
f24da67a23
Update jetty-alpn-agent version to support latest JDK 8 release. (#8402)
Motivation:

We need to update jetty-alpn-agent to be able to run tests with  OpenJDK 8u191

Modifications:

Update to 2.0.8

Result:

Be able to run tests with latest JDK 8 release.
2018-10-18 08:22:20 +02:00
Norman Maurer
0ddc62cec0
Add support for TLSv1.3 (#8293)
Motivation:

TLSv1.3 support is included in java11 and is also supported by OpenSSL 1.1.1, so we should support when possible.

Modifications:
- Add support for TLSv1.3 using either the JDK implementation or the native implementation provided by netty-tcnative when compiled against openssl 1.1.1
- Adjust unit tests for semantics provided by TLSv1.3
- Correctly handle custom Provider implementations that not support TLSv1.3

Result:

Be able to use TLSv1.3 with netty.
2018-10-17 08:35:35 +02:00
Norman Maurer
59973e93dd
Ensure X509KeyManager methods are called on the correct time when using server-side and support more methods of ExtendedSSLSession. (#8283)
Motivation:

Before when on server-side we just called the X509KeyManager methods when handshake() was called the first time which is not quite correct as we may not have received the full SSL hello / handshake and so could not extra for example the SNI hostname that was requested.
OpenSSL exposes the SSL_CTX_set_cert_cb function which allows to set a callback which is executed at the correct moment, so we should use it. This also allows us to support more methods of ExtendedSSLSession easily.

Modifications:

- Make use of new methods exposed by netty-tcnative since https://github.com/netty/netty-tcnative/pull/388 to ensure we select the key material at the correct time.
- Implement more methods of ExtendedOpenSslSession
- Add unit tests to ensure we are able to retrieve various things on server-side in the X509KeyManager and so verify it is called at the correct time.
- Simplify code by using new netty-tcnative methods.

Result:

More correct implementation for server-side usage and more complete implemented of ExtendedSSLSession.
2018-09-28 11:34:38 +02:00
root
2d7cb47edd [maven-release-plugin] prepare for next development iteration 2018-09-27 19:00:45 +00:00
root
3a9ac829d5 [maven-release-plugin] prepare release netty-4.1.30.Final 2018-09-27 18:56:12 +00:00
Norman Maurer
618a98fdb5
Add profile to be able to compile on java12 (#8321)
Motivation:

First EA releases of Java12 are out we should be able to compile with these and run tests.

Modifications:

Add maven profile for java12.

Result:

Be able to use Java12
2018-09-26 20:01:53 +02:00
Norman Maurer
687275361f
Update to Conscrypt 1.3.0 (#8296)
Motivation:

Conscrypt 1.3.0 was just released and adds support for TLSv1.3

Modifications:

Update to 1.3.0

Result:

Use latest conscrypt during build / test.
2018-09-18 14:19:06 -07:00
Norman Maurer
6ed7c6c75d
Return an ExtendSSLSession whenever possible to allow more strict checking when using OpenSSL (#8281)
Motivation:

When an ExtendedSSLSession is used its possible to do more strict checking of the keys during handshake. We should do this whenever possible.

Modification:

- Return an ExtendedSSLSession when using client-mode and Java7+
- Add unit test
- Simplify unit tests

Result:

More consistent behaviour.
2018-09-14 14:33:11 +02:00
Norman Maurer
e26666a7ea
Update to latest netty-tcnative (#8246)
Motivation:

We should use the latest netty-tcnative release which contains a fix to correctly support DH based ciphers when using openssl 1.1.x

Modifications:

Update to latest netty-tcnative which has the fix.

Result:

Correctly support DH ciphers in all cases. Fixes https://github.com/netty/netty/issues/8165.
2018-08-31 17:08:14 +02:00
Norman Maurer
54f565ac67
Allow to use native transports when sun.misc.Unsafe is not present on… (#8231)
* Allow to use native transports when sun.misc.Unsafe is not present on the system

Motivation:

We should be able to use the native transports (epoll / kqueue) even when sun.misc.Unsafe is not present on the system. This is especially important as Java11 will be released soon and does not allow access to it by default.

Modifications:

- Correctly disable usage of sun.misc.Unsafe when -PnoUnsafe is used while running the build
- Correctly increment metric when UnpooledDirectByteBuf is allocated. This was uncovered once -PnoUnsafe usage was fixed.
- Implement fallbacks in all our native transport code for when sun.misc.Unsafe is not present.

Result:

Fixes https://github.com/netty/netty/issues/8229.
2018-08-29 19:36:33 +02:00
root
a580dc7585 [maven-release-plugin] prepare for next development iteration 2018-08-24 06:36:33 +00:00
root
3fc789e83f [maven-release-plugin] prepare release netty-4.1.29.Final 2018-08-24 06:36:06 +00:00
Norman Maurer
a0a4d87eab
Update to netty-tcnative 2.0.14 which does correctly handle shading (#8218) 2018-08-24 06:42:21 +02:00
Norman Maurer
df00539fa2
Allow to load PrivateKey via OpenSSL Engine (#8200)
Motivation:

OpenSSL itself has an abstraction which allows you to customize some things. For example it is possible to load the PrivateKey from the engine. We should support this.

Modifications:

Add two new static methods to OpenSslX509KeyManagerFactory which allow to create an OpenSslX509KeyManagerFactory that loads its PrivateKey via the OpenSSL Engine directly.

Result:

More flexible usage of OpenSSL possible
2018-08-18 07:20:44 +02:00
Norman Maurer
534de73d28
Workaround JDK bug that will cause an AssertionError when calling ServerSocketChannel.config().getOptions(). (#8183)
Motivation:

There is a JDK bug which will return IP_TOS as supported option for ServerSocketChannel even if its not supported afterwards and cause an AssertionError.
See http://mail.openjdk.java.net/pipermail/nio-dev/2018-August/005365.html.

Modifications:

Add a workaround for the JDK bug.

Result:

ServerSocketChannel.config().getOptions() will not throw anymore and work as expected.
2018-08-09 13:11:08 +02:00
root
fcb19cb589 [maven-release-plugin] prepare for next development iteration 2018-07-27 04:59:28 +00:00
root
ff785fbe39 [maven-release-plugin] prepare release netty-4.1.28.Final 2018-07-27 04:59:06 +00:00
Norman Maurer
952eeb8e1e
Support the usage of SocketOption when nio is used and the java versi… (#8085)
* Support the usage of SocketOption when nio is used and the java version >= 7.

Motivation:

The JDK uses SocketOption since java7 to support configuration options on the underyling Channel. We should allow to create a ChannelOption from a given SocketOption if nio is used. This also allows us to expose the same featureset in terms of configuration as the java nio implementation does without any extra effort.

Modifications:

- Add NioChannelOption which allows to wrap an existing SocketOption which then can be applied to the nio transport.
- Add test-cases

Result:

Support the same configuration options as the JDK. Also fixes https://github.com/netty/netty/issues/8072.
2018-07-25 12:32:28 +08:00
Norman Maurer
d67d639f5f
Add integration test for shading native libraries. (#8123)
Motivation:

It's easy to break the support for shading native libs as shown in https://github.com/netty/netty/issues/8090. We should have some testing to ensure all works as expected.

Modification:

Add new testsuite which verifies that shading our native transports work as expected.

Result:

Include test to verify shading of native code.
2018-07-11 20:03:59 +01:00
root
b4dbdc2036 [maven-release-plugin] prepare for next development iteration 2018-07-11 15:37:40 +00:00
root
1c16519ac8 [maven-release-plugin] prepare release netty-4.1.27.Final 2018-07-11 15:37:21 +00:00
root
7bb9e7eafe [maven-release-plugin] prepare for next development iteration 2018-07-10 05:21:24 +00:00
root
8ca5421bd2 [maven-release-plugin] prepare release netty-4.1.26.Final 2018-07-10 05:18:13 +00:00
Norman Maurer
9bf74a6809
Update to netty-tcnative 2.0.12.Final (#8073)
Motivation:

A new version of tcnative was released that allows to use features depending on the runtime version of openssl, which makes it possible to use KeyManagerFactory and hostname verification on newer versions of centos/fedora/rhel and debian/ubuntu without the need to compile again.

Modifications:

Update to 2.0.12.Final

Result:

Use latest version of netty-tcnative to support more features.
2018-06-28 08:42:44 +02:00
Norman Maurer
0337ecdcc8 Allow to cache keymaterial when using OpenSSL
Motiviation:

During profiling it showed that a lot of time during the handshake is spent by parsing the key / chain over and over again. We should cache these parsed structures if possible to reduce the overhead during handshake.

Modification:

- Use new APIs provided by https://github.com/netty/netty-tcnative/pull/360.
- Introduce OpensslStaticX509KeyManagerFactory which allows to wrap another KeyManagerFactory and caches the key material provided by it.

Result:

In benchmarks handshake times have improved by 30 %.
2018-06-24 07:36:27 +02:00
Norman Maurer
a8549b138d
Update to netty-tcnative 2.0.10.Final as 2.0.9.Final did not contain all native libs for boringssl. (#8031)
Motivation:

netty-tcnative 2.0.9 did not contain all native code for boringssl due a release mistake.

Modifications:

Update to 2.0.10

Result:

Use latest netty-tcnative release.
2018-06-17 10:55:43 +02:00
Norman Maurer
9b0fa2f668
Update to netty-tcnative 2.0.9.Final which fixes a memory leak (#8026)
Motivation:

netty-tcnative 2.0.9.Final was released which fixes a memory leak that can happen if client auth is used via client side.

Modifications:

Update to latest netty-tcnative.

Result:

No more memory leak.
2018-06-15 13:24:42 +02:00
Norman Maurer
b192bf12ad
Update conscrypt to 1.1.3 which fixes some NPEs during tests when using conscrypt. (#8001)
Motivation:

When using conscrypt some NPEs were logged, these were fixed in the latest release.

Modifications:

Update to conscrypt 1.1.3.

Result:

Fixes https://github.com/netty/netty/issues/7988.
2018-06-04 20:40:08 +02:00
Norman Maurer
2e587f75cb
Don't trim stacktrace for exceptions when running mvn test (#7981)
Motivation:

The maven surefire plugin will trim stacktraces by default which makes these kind of use-less when trying to understand why an test failed because one was thrown.

Modifications:

Configure the plugin to not trim the stacktrace.

Result:

Easier to debug test-failures.
2018-05-29 10:59:42 +02:00
Norman Maurer
19e7b4438f
Update to conscrypt 1.1.2 (#7949)
Motivation:

We use latest conscrypt to test against.

Modifications:

Update to conscrypt 1.1.2

Result:

Use latest conscrypt release.
2018-05-18 12:27:40 +02:00
ossdev07
85e2987719 pom.xml: adding suuport for AARCH64 architecture in Netty/Transport/N… (#7933)
Netty/Transport/Native/Epoll project can be build on aarch64 platform as well.

Motivation:
To provide the support for AARCH64 architecture

Modification:
Adjusted regex for enforce plugin to also allow AARCH64.

Result:
Be able to compile on AARCH64
2018-05-15 11:38:15 +02:00
Norman Maurer
64bb279f47 [maven-release-plugin] prepare for next development iteration 2018-05-14 11:11:45 +00:00
Norman Maurer
c67a3b0507 [maven-release-plugin] prepare release netty-4.1.25.Final 2018-05-14 11:11:24 +00:00
Norman Maurer
dc0cf3e099
Ensure Netty can be build with Java 11 (#7926)
Motivation:

Java 11 will be out soon, so we should be able to build (and run tests) netty.

Modifications:

- Add dependency that is needed till Java 11
- Adjust tests so these also pass on Java 11 (SocketChannelImpl.close() behavious a bit differently now).

Result:

Build also works (and tests pass) on Java 11.
2018-05-12 20:25:11 +02:00
Norman Maurer
c990c121ea
Only use jboss-marshalling when using Java 10 (#7929)
Motivation:

cff87de44c updated jboss-marshalling to 2.0.5.Final but this broke the ability to run tests with Java 7.

Modifications:

Only use 2.0.5.Final if compiled against Java 10 (as before 1.4.x works fine).

Result:

Be able to run tests with Java 7 on the CI.
2018-05-12 09:42:01 +02:00
Norman Maurer
cff87de44c
Make build pass on Java 10 (#7922)
Motivation:

Java 10 is out so we should be able to build netty with it (and run the tests).

Modifications:

- Update Mockito and JBoss Marshalling to support Java 10
- Fix unit test to not depend on specific cipher which is not present in Java 10 anymore

Result:

Netty builds (and runs all tests) when using Java 10
2018-05-10 08:36:17 +02:00
Karl Pauls
5256d17363 Make osgi testing work with java>=9 by updating to felix framework 5.6.10 (#7923)
Motivation:

Currently, the testing-osgi is set to skip if run with java>=9. That is not necessary when using a newer version of Felix.

Modification:

Update to Felix framework 5.6.10 (which has better jpms support), add some more --add-opens to not have WARN messages, and remove the skipOsgiTestsuite setting from the parent pom.

Result:

OSGi tests run and pass on java>=9.
2018-05-09 18:26:38 +02:00
Trustin Lee
48fe14402a Update os-maven-plugin to 1.6.0 (#7884)
Motivation:

A new version of os-maven-plugin has been released.

Modifications:

- Update os-maven-plugin from 1.5.0 to 1.6.0

Result:

- No visible changes
- Feels good
2018-04-23 08:30:42 +02:00
Norman Maurer
b75f44db9a [maven-release-plugin] prepare for next development iteration 2018-04-19 11:56:07 +00:00
Norman Maurer
04fac00c8c [maven-release-plugin] prepare release netty-4.1.24.Final 2018-04-19 11:55:47 +00:00
root
0a61f055f5 [maven-release-plugin] prepare for next development iteration 2018-04-04 10:44:46 +00:00