f7b3caeddc
Motivation: The JDK SSLEngine documentation says that a call to wrap/unwrap "will attempt to consume one complete SSL/TLS network packet" [1]. This limitation can result in thrashing in the pipeline to decode and encode data that may be spread amongst multiple SSL/TLS network packets. ReferenceCountedOpenSslEngine also does not correctly account for the overhead introduced by each individual SSL_write call if there are multiple ByteBuffers passed to the wrap() method. Modifications: - OpenSslEngine and SslHandler support a mode that does not comply with the limitation of dealing with only a single SSL/TLS network packet per call - ReferenceCountedOpenSslEngine correctly accounts for the overhead of each call to SSL_write - SslHandler shouldn't cache maxPacketBufferSize as aggressively because this value may change before/after the handshake. Result: OpenSslEngine and SslHandler can handle multiple SSL/TLS network packets per call. [1] https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html
/*
* Copyright 2014 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import io.netty.buffer.ByteBufAllocator;
import javax.net.ssl.SSLEngine;
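/**
 * Implements a {@link SSLEngine} using
 * <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE">OpenSSL BIO abstractions</a>.
 * <p>
 * This class uses a finalizer to ensure native resources are automatically cleaned up. Finalization is
 * not deterministic, so the native memory of an unreferenced engine stays allocated until the garbage
 * collector finalizes it. To avoid finalizers and release the native memory manually, see
 * {@link ReferenceCountedOpenSslEngine}.
 */
public final class OpenSslEngine extends ReferenceCountedOpenSslEngine {
    /**
     * Creates an engine by delegating every argument to the {@link ReferenceCountedOpenSslEngine}
     * constructor.
     *
     * @param context the OpenSSL context handed to the superclass
     * @param alloc the buffer allocator handed to the superclass
     * @param peerHost handed to the superclass; presumably the advisory peer host name (confirm there)
     * @param peerPort handed to the superclass; presumably the advisory peer port (confirm there)
     * @param jdkCompatibilityMode handed to the superclass; presumably selects whether wrap/unwrap keep
     *        to the JDK {@link SSLEngine} behaviour of one SSL/TLS network packet per call (confirm there)
     */
    OpenSslEngine(OpenSslContext context, ByteBufAllocator alloc, String peerHost, int peerPort,
                  boolean jdkCompatibilityMode) {
        // NOTE(review): the meaning of the trailing 'false' is defined by the superclass constructor,
        // which is not visible in this file; confirm against ReferenceCountedOpenSslEngine.
        super(context, alloc, peerHost, peerPort, jdkCompatibilityMode, false);
    }

    /**
     * Last-resort cleanup hook: runs the superclass finalizer and then asks {@link OpenSsl} to release
     * this engine if that is still needed.
     *
     * @throws Throwable whatever the superclass finalizer or the release call throws
     */
    @Override
    @SuppressWarnings("FinalizeDeclaration")
    protected void finalize() throws Throwable {
        try {
            super.finalize();
        } finally {
            // Release even when super.finalize() throws. The finalizer is this class's only automatic
            // cleanup path, so skipping the call here would leave the native resources allocated.
            OpenSsl.releaseIfNeeded(this);
        }
    }
}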