Go to file
Trustin Lee a72230061d Add an OpenSslEngine and the universal API for enabling SSL
Motivation:

Some users already use an SSLEngine implementation in finagle-native. It
wraps OpenSSL to get higher SSL performance.  However, to take advantage
of it, finagle-native must be compiled manually, and it means we cannot
pull it in as a dependency and thus we cannot test our SslHandler
against the OpenSSL-based SSLEngine.  For an instance, we had #2216.

Because the construction procedures of JDK SSLEngine and OpenSslEngine
are very different from each other, we also need to provide a universal
way to enable SSL in a Netty application.

Modifications:

- Pull netty-tcnative in as an optional dependency.
  http://netty.io/wiki/forked-tomcat-native.html
- Backport NativeLibraryLoader from 4.0
- Move OpenSSL-based SSLEngine implementation into our code base.
  - Copied from finagle-native; originally written by @jpinner et al.
  - Overall cleanup by @trustin.
- Run all SslHandler tests with both default SSLEngine and OpenSslEngine
- Add a unified API for creating an SSL context
  - SslContext allows you to create a new SSLEngine or a new SslHandler
    with your PKCS#8 key and X.509 certificate chain.
  - Add JdkSslContext and its subclasses
  - Add OpenSslServerContext
- Add ApplicationProtocolSelector to ensure the future support for NPN
  (NextProtoNego) and ALPN (Application Layer Protocol Negotiation) on
  the client-side.
- Add SimpleTrustManagerFactory to help a user write a
  TrustManagerFactory easily, which should be useful for those who need
  to write an alternative verification mechanism. For example, we can
  use it to implement an unsafe TrustManagerFactory that accepts
  self-signed certificates for testing purposes.
- Add InsecureTrustManagerFactory and FingerprintTrustManager for quick
  and dirty testing
- Add SelfSignedCertificate class which generates a self-signed X.509
  certificate very easily.
- Update all our examples to use SslContext.newClient/ServerContext()
- SslHandler now logs the chosen cipher suite when handshake is
  finished.

Result:

- Cleaner unified API for configuring an SSL client and an SSL server
  regardless of its internal implementation.
- When native libraries are available, OpenSSL-based SSLEngine
  implementation is selected automatically to take advantage of its
  performance benefit.
- Examples take advantage of this modification and thus are cleaner.
2014-05-18 02:33:26 +09:00
all Generate the default JAR to make oss.sonatype.org happy 2014-05-03 17:28:28 +09:00
buffer Fix capacity check bug affecting offheap buffers 2014-05-13 07:25:26 +02:00
codec Use ByteBuf.readSlice(...).retain() to minimize memory copies. 2014-05-10 17:21:06 +02:00
codec-http Adding short-curcuit option for CORS 2014-05-06 12:06:34 +02:00
codec-http2 Correctly release buffer when testing DelegatingHttp2ConnectionHandler 2014-05-14 06:19:12 +02:00
codec-memcache Synchronized between 4.1 and master 2014-04-25 00:36:01 +09:00
codec-socks Correctly handle SocksCmdResponse. Related to #2428 2014-04-30 10:45:14 +02:00
common Add an OpenSslEngine and the universal API for enabling SSL 2014-05-18 02:33:26 +09:00
example Add an OpenSslEngine and the universal API for enabling SSL 2014-05-18 02:33:26 +09:00
handler Add an OpenSslEngine and the universal API for enabling SSL 2014-05-18 02:33:26 +09:00
license Preparation for porting OpenSSL support in 3.10 2014-05-17 20:01:09 +09:00
microbench Upgrade JMH to 0.4.1 and make use of @Params. 2014-02-23 16:39:15 +01:00
tarball [maven-release-plugin] prepare for next development iteration 2013-12-22 22:06:15 +09:00
testsuite Add an OpenSslEngine and the universal API for enabling SSL 2014-05-18 02:33:26 +09:00
transport Better implementation of AttributeMap and also add hasAttr(...). SeeĀ [#2439] 2014-05-15 06:47:58 +02:00
transport-native-epoll Add an OpenSslEngine and the universal API for enabling SSL 2014-05-18 02:33:26 +09:00
transport-rxtx Resurrect channel deregistration and constructor changes 2014-04-24 20:54:50 +09:00
transport-sctp Synchronized between 4.1 and master again (part 2) 2014-04-25 15:07:12 +09:00
transport-udt Synchronized between 4.1 and master again (part 2) 2014-04-25 15:07:12 +09:00
.fbfilter.xml Update license headers 2012-06-04 13:31:44 -07:00
.fbprefs Updated Find Bugs configuration 2009-03-04 10:33:09 +00:00
.gitignore Format and partially describe Gitignore 2013-12-10 07:03:43 +01:00
.travis.yml Travis CI branch whitelisting 2013-03-11 09:55:43 +09:00
CONTRIBUTING.md Move the pull request guide to the developer guide 2014-03-12 13:17:58 +09:00
LICENSE.txt Relicensed to Apache License v2 2009-08-28 07:15:49 +00:00
NOTICE.txt Preparation for porting OpenSSL support in 3.10 2014-05-17 20:01:09 +09:00
pom.xml Add an OpenSslEngine and the universal API for enabling SSL 2014-05-18 02:33:26 +09:00
README.md Synchronized between 4.1 and master (part 3) 2014-04-25 16:17:16 +09:00

Netty Project

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

How to build

For the detailed information about building and developing Netty, please visit the developer guide. This page only gives very basic information.

You require the following to build Netty:

Note that this is build-time requirement. JDK 5 (for 3.x) or 6 (for 4.0+) is enough to run your Netty-based application.

Branches to look

The 'master' branch is where the development of the latest major version lives on. The development of all other versions takes place in each branch whose name is identical to <majorVersion>.<minorVersion>. For example, the development of 3.9 and 4.0 resides in the branch '3.9' and the branch '4.0' respectively.