Commit Graph

578 Commits

Author SHA1 Message Date
Norman Maurer
9df2540da7 Add maven profile to run tests with -Dio.netty.noUnsafe=true
Motivation:

We had reports of failures before when sun.misc.Unsafe was not present. We should run our tests also with it disable to ensure everything works even if sun.misc.Unsafe is not present on the system.

Modifications:

Add a new profile which allows to run tests without Unsafe (using -PnoUnsafe)

Result:

Better testing of netty for systems where sun.misc.Unsafe is not present.
2016-02-06 09:57:52 +01:00
Scott Mitchell
711303d9d8 Update jetty-alpn-agent version
Motivation:
Builds fail with java 1.8.0_72 because jetty-alpn-boot has absorbed new code from openjdk and older version are now incompatible.

Modifications:
- Updated jetty-alpn-agent version

Result:
We can now build/develop using java 1.8.0_72
2016-02-06 09:54:53 +01:00
Norman Maurer
0b9ff2af3a [#4746] Support SNI when using OpenSSL
Motivation:

When using SslProvider.OPENSSL we currently not handle SNI on the client side.

Modifications:

Correctly enable SNI when using clientMode and peerHost != null.

Result:

SNI works even with SslProvider.OPENSSL.
2016-02-03 10:50:45 +01:00
Norman Maurer
7522cade65 Allow to specify tcnative artifactId and verion to allow run tests easily with different tcnative flavors
Motivation:

As we now can easily build static linked versions of tcnative it makes sense to run our netty build against all of them.
This helps to ensure our code works with libressl, openssl and boringssl.

Modifications:

Allow to specify -Dtcnative.artifactId= and -Dtcnative.version=

Result:

Easy to run netty build against different tcnative flavors.
2016-01-29 22:25:03 +01:00
Norman Maurer
b647513b6b [maven-release-plugin] prepare for next development iteration 2016-01-29 09:57:10 +01:00
Norman Maurer
cf1777b619 [maven-release-plugin] prepare release netty-4.0.34.Final 2016-01-29 09:23:46 +01:00
Brendt Lucas
357720ea77 Clear disabled SSL protocols before enabling provided SSL protocols
Motivation:

Attempts to enable SSL protocols which are currently disabled fail when using the OpenSslEngine. Related to https://github.com/netty/netty/issues/4736

Modifications:

Clear out all options that have disabled SSL protocols before attempting to enable any SSL protocol.

Result:

setEnabledProtocols works as expected.
2016-01-22 17:33:14 +01:00
Stephane Landelle
0e5a3f9db5 Fix deprecated Maven expressions usage
Motivation:

Parent pom.xml uses deprecated maven expressions, such as `${groupId}`
which should be ${project.groupId}.
This causes tons of warnings on every module in the build.

Modifications:

Use up to date syntax.

Result:

No more maven warnings.
2016-01-08 14:38:54 +01:00
Trustin Lee
88178584c4 Use jetty-alpn-agent to simplify pom.xml
Motivation:

We had to add a new profile for each OpenJDK/OracleJDK release to make
Maven choose the correct alpn-boot.jar and npn-boot.jar. As a result,
our pom.xml has a large number of `<profile/>` sections.

Modifications:

- Use jetty-alpn-agent, which chooses the correct alpn-boot.jar and
  npn-boot.jar automatically to remove all the nasty profile sections
  from pom.xml
  - Visit https://github.com/trustin/jetty-alpn-agent for more info

Result:

Cleaner pom.xml
2016-01-04 20:40:46 +01:00
Norman Maurer
450939842e Fix version 2015-11-24 21:24:22 +01:00
Scott Mitchell
4979c04149 update pom due to alpn provided
Motiviation:
According to jetty docs the alpn-api should use the provided scope.

Modificaitons:
- change scope to provided for alpn-api
- update for new jdk

Result:
Users of Netty don't run into alpn version conflicts.
Fixes https://github.com/netty/netty/issues/4480
2015-11-23 12:53:30 -08:00
Trustin Lee
80f6104072 Require RHEL/CentOS 6.7 for releasing Netty
Motivation:

6.7 is the latest stable release in RHEL/CentOS 6 line. Given that most
RHEL/CentOS users have upgraded to 6.7 via yum upgrade, we should bump
our requirement.

Modification:

s/6.6/6.7/g

Result:

'mvn release:*' must be run on RHEL/CentOS 6.7 instead of 6.6.
2015-11-21 09:59:42 +09:00
Scott Mitchell
e003842467 Update ALPN boot version
Motivation:
A new version of ALPN boot has been released.

Modifications:
- Update the pom to pull in this new version

Result:
New JDK get new ALPN boot.
2015-11-07 09:38:20 -08:00
Norman Maurer
69b5aefd09 [maven-release-plugin] prepare release netty-4.0.33.Final 2015-11-03 14:18:17 +01:00
Norman Maurer
0236af7995 Implement SSLSession.invalidate() and isValid() for OpenSSLEngine.
Motivation:

The SSLSession allows to invalidate a SSLSession and so disallow resume of a session. We should support this for OpenSSLEngine as well.

Modifications:

- Correctly implement SSLSession.isValid() and invalidate() in OpenSSLEngine
- Add unit test.

Result:

Invalidate of SSL sessions is supported when using OpenSSL now.
2015-10-15 12:02:04 +02:00
Norman Maurer
87062671b8 Add support for server-side renegotiation when using OpenSslEngine.
Motivation:

JDK SslEngine supports renegotion, so we should at least support it server-side with OpenSslEngine as well.

That said OpenSsl does not support sending messages asynchronly while the renegotiation is still in progress, so the application need to ensure there are not writes going on while the renegotiation takes place. See also https://rt.openssl.org/Ticket/Display.html?id=1019 .

Modifications:

- Add support for renegotiation when OpenSslEngine is used in server mode
- Add unit tests.
- Upgrade to netty-tcnative 1.1.33.Fork9

Result:

Better compatibility with the JDK SSLEngine implementation.
2015-10-02 11:24:31 +02:00
Norman Maurer
696a287736 [maven-release-plugin] prepare for next development iteration 2015-09-30 09:31:26 +02:00
Norman Maurer
fb2d562306 [maven-release-plugin] prepare release netty-4.0.32.Final 2015-09-30 09:28:40 +02:00
Norman Maurer
d439b5e267 Fix enforcer rule for new os detection plugin 2015-09-30 10:01:31 +02:00
Norman Maurer
4b63ac95ae Upgrade to netty-tcnative 1.1.33.Fork8
Motivation:

A new version of netty-tcnative was released with some important bug-fixes.

Modifications:

Bump up version.

Result:

Using latest netty-tcnative version
2015-09-30 09:14:26 +02:00
Norman Maurer
942c4efa50 Upgrade to new os-maven-plugin
Motivation:

The last os-maven-plugin had a bug that sometimes missed to correctly detect fedora based linux.

Modifications:

Upgrade to 1.4.1

Result:

Correctly detect on all fedora based linux.
2015-09-23 08:41:09 +02:00
nmittler
65d481c24c Update Netty to latest netty-tcnative
Motivation:

The latest netty-tcnative fixes a bug in determining the version of the runtime openssl lib.  It also publishes an artificact with the classifier linux-<arch>-fedora for fedora-based systems.

Modifications:

Modified the build files to use the "-fedora" classifier when appropriate for tcnative. Care is taken, however, to not change the classifier for the native epoll transport.

Result:

Netty is updated the the new shiny netty-tcnative.
2015-09-18 12:09:41 -07:00
Norman Maurer
08b4c7d6b5 Upgrade jzlib version
Motivation:

A new version of jzlib was released some time ago.

Modifications:

Upgrade to the newest jzlib version.

Result:

Using latest release.
2015-09-15 08:30:15 +02:00
Norman Maurer
bd928eaa38 [maven-release-plugin] prepare for next development iteration 2015-09-02 08:58:54 +02:00
Norman Maurer
26bbcc38c2 [maven-release-plugin] prepare release netty-4.0.31.Final 2015-09-02 08:57:57 +02:00
Scott Mitchell
b629b50cf0 Build fails with java 1.8_u60
Motivation:
The alpn / npn dependency versions are dependent on java version. If a java version 1.8+ is used that is not explicitly listed in the pom file then ALPN tests will fail because the java 1.7 version of alpn will be loaded by out pom file.

Modifications:
- Ensure there is a latest version to fall back up for npn 1.7+
- Ensure there is a latest version to fall back upon from alpn 1.8+

Result:
Build can complete despite having a newer jdk which is not listed in our pom file.
2015-08-28 08:57:10 -07:00
Norman Maurer
1ba087bc86 Upgrade to netty-tcnative-1.3.33.Fork6
Motivation:

A new netty-tcnative bugfix release was released.

Modifications:

Upgrade version.

Result:

Using latest netty-tcnative version
2015-08-28 14:54:00 +02:00
fei wong reed
24bcc11095 Correct OSGi manifests in source jars
Related: #3886

Motivation:

We were including OSGi manifests in sources/javadoc JARs, and OSGi
container treats them as correct dependencies when resolving from OBR
repository, which is incorrect. Runtime fails with non-descriptive
ClassNotFoundException as a result.

Modifications:

- Do not include the OSGi manifests in sources/javadoc JARs
- Include Eclipse-related manifest entries in sources/javadoc JARs

Result:

Better OSGi compatibility
2015-08-21 12:59:06 +09:00
Trustin Lee
74eab518d7 Upgrade jacoco-maven-plugin to the latest version 2015-08-16 19:25:06 +09:00
Scott Mitchell
6dcb78e3c0 Update npn and alpn dependencies
Motivation:
New versions of alpn-boot and npn-boot have been released.

Modifications:
- Update pom to pull in new versions.

Result:
Dependencies more up to date.
2015-08-13 10:06:41 -07:00
Norman Maurer
75d6a51d65 Allow to create SslContext from existing PrivateKey / X509Certificate
Motivation:

Sometimes the user already has a PrivateKey / X509Certificate which should be used to create a new SslContext. At the moment we only allow to construct it via Files.

Modifications:

- Add new methods to the SslContextBuilder to allow creating a SslContext from PrivateKey / X509Certificate
- Mark all public constructors of *SslContext as @Deprecated, the user should use SslContextBuilder
- Update tests to us SslContextBuilder.

Result:

Creating of SslContext is possible with PrivateKay/X509Certificate
2015-08-12 14:59:48 +02:00
Norman Maurer
148692705c [maven-release-plugin] prepare for next development iteration 2015-07-24 10:11:44 +02:00
Norman Maurer
11cc2d5197 [maven-release-plugin] prepare release netty-4.0.30.Final 2015-07-24 09:54:20 +02:00
Norman Maurer
6b83ff0594 Upgrade to netty-tcnative 1.1.33.Fork4
Motivation:

netty-tcnative 1.1.33.Fork4 was released.

Modifications:

Upgrade to new version.

Result:

Up to date dependency.
2015-07-10 11:54:19 +02:00
Norman Maurer
1da998bc7c [maven-release-plugin] prepare for next development iteration 2015-06-23 11:08:27 +02:00
Norman Maurer
4c482c1215 [maven-release-plugin] prepare release netty-4.0.29.Final 2015-06-23 11:07:56 +02:00
Norman Maurer
1b383c5de8 Correctly handle errors when using OpenSSL
Motivation:

We used ERR_get_error() to detect errors and missed to handle different errors. Also we missed to clear the error queue for a thread before invoke SSL operations,
this could lead to detecting errors on different OpenSslEngines then the one in which the error actual happened.

Modifications:

Explicit handle errors via SSL.get_error and clear the error code before SSL operations.

Result:

Correctly handle errors and no false-positives in different OpenSslEngines then the one which detected an error.
2015-06-21 21:07:12 +02:00
Norman Maurer
2c479b77c1 Backport codec-haproxy
Motivation:

The codec-haproxy is very useful and standalone. So it should be very safe to backport it and make it usable by 4.0 users.

Modifications:

Backport codec-haproxy.

Result:

codec-haproxy is now included in 4.0.
2015-06-04 19:26:50 +02:00
Trustin Lee
1dac4e44ec Remove the verbose:gc flag from the build
Motivation:

When a faulty never-ending test keeps producing a lot of garbage doing
nothing but generating CPU load, our CI fails to detect the stalled
build, because it determines the 'inactivity time' from console
activity and GC keeps producing console output.

Modifications:

Remove the -verbose:gc flag from pom.xml

Result:

Stalled builds are terminated by our CI server.
2015-05-29 10:47:55 +09:00
nmittler
2ca6a70211 Upgrading Jetty alpn-api version
Motivation:

Discussion is in https://github.com/jetty-project/jetty-alpn/issues/8. The new API allows protocol negotiation to properly throw SSLHandshakeException.

Modifications:

Updated the parent pom.xml with the new version.

Result:

Upgraded alpn-api now allows throwing SSLHandshakeException.
2015-05-22 13:15:21 -07:00
Norman Maurer
b02f52a680 [#3784] Support hostname verification when using OpenSSLEngine
Motivation:

At the moment hostname verification is not supported with OpenSSLEngine.

Modifications:

- Allow to create OpenSslEngine with peerHost and peerPort informations.
- Respect endPointIdentificationAlgorithm and algorithmConstraints when set and get SSLParamaters.

Result:

hostname verification is supported now.
2015-05-18 08:01:38 +02:00
Norman Maurer
d1c46ca987 [maven-release-plugin] prepare for next development iteration 2015-05-07 11:33:47 -04:00
Norman Maurer
005d4a42fc [maven-release-plugin] prepare release netty-4.0.28.Final 2015-05-07 11:33:09 -04:00
Norman Maurer
0f4d3a981e Revert "[maven-release-plugin] prepare for next development iteration"
This reverts commit 3c10ffab5e.
2015-05-07 11:02:03 -04:00
Norman Maurer
3c10ffab5e [maven-release-plugin] prepare for next development iteration 2015-05-07 09:09:23 -04:00
Norman Maurer
4581c441c9 Allow rejection of remote initiated renegotiation
Motivation:

To prevent from DOS attacks it can be useful to disable remote initiated renegotiation.

Modifications:

Add new flag to OpenSslContext that can be used to disable it
Adding a testcase

Result:

Remote initiated renegotion requests can be disabled now.
2015-05-07 14:41:00 +02:00
Trustin Lee
7b457a48f7 Add more profiles for newer JDK versions
Modifications:

- Add jetty.npn.version.latest and jetty.alpn.version.latest7/8
- Add npn-alpn-7 profile
- Use the *.latest7/8 version properties in alpn-8 and npn-alpn-7
- Add more profiles for newer JDK versions
- Reorder profiles
2015-05-04 14:33:56 +09:00
Norman Maurer
b50f2d5294 [#3218] Add ChannelPool / ChannelPoolMap abstraction and implementations
Motivation:

Many projects need some kind a Channel/Connection pool implementation. While the protocols are different many things can be shared, so we should provide a generic API and implementation.

Modifications:

Add ChannelPool / ChannelPoolMap API and implementations.

Result:

Reusable / Generic pool implementation that users can use.
2015-04-30 12:04:19 +02:00
Norman Maurer
97a3308c7e Add support for ALPN when using openssl + NPN client mode and support for CipherSuiteFilter
Motivation:

To support HTTP2 we need APLN support. This was not provided before when using OpenSslEngine, so SSLEngine (JDK one) was the only bet.
Beside this CipherSuiteFilter was not supported

Modifications:

- Upgrade netty-tcnative and make use of new features to support ALPN and NPN in server and client mode.
- Guard against segfaults after the ssl pointer is freed
- support correctly different failure behaviours
- add support for CipherSuiteFilter

Result:

Be able to use OpenSslEngine for ALPN / NPN for server and client.
2015-04-10 18:59:58 +02:00
Norman Maurer
f2fedbcdef [maven-release-plugin] prepare for next development iteration 2015-03-31 22:06:30 -04:00