cb4020d4be
Motivation:
Although 4cff4b99fd introduced
OpenSslEngine and its helper classes, a user has to write two different
copies of SSL initialization code that does pretty much same job,
because the initialization procedure between JDK SSLEngine and
OpenSslEngine are different.
Modifications:
- Replace OpenSslContextBuilder with SslContext which provides the
unified API for creating an SSL context
- SslContext allows you to create a new SSLEngine or a new SslHandler
with your PKCS#8 key and X.509 certificate chain.
- Merge OpenSslBufferPool into SslBufferPool
- Add an option to preallocate the pool
- Add an option to allocate direct buffers
- When OpenSSL is in use, preallocate direct buffers, which is close
to what OpenSslBufferPool does.
- Add JdkSslContext which is a simple wrapper of JDK's SSLContext
- The specified PKCS#8 key and X.509 certificate chain are converted
to JDK KeyStore in instantiation time.
- Like OpenSslServerContext, it uses sensible default cipher suites now.
- A user does not specify certPath and caPath separately anymore. He or
she has to merge them into a single file. I find this more logical
because previously ca file's first entry and cert file were always same.
- Clean up SSL tests to demonstrate the advantage of this change
- AbstractSocketSsl*Test now uses SslContext.new*Context() to
configure both the client and the server side. We did this only for
the server side previously and had to use different certificates for
JDK SSLEngine and OpenSslEngine, but not anymore.
- Add ApplicationProtocolSelector to ensure the future support for NPN
(NextProtoNego) and ALPN (Application Layer Protocol Negotiation) on
the client-side.
- Add SimpleTrustManagerFactory to help a user write a
TrustManagerFactory easily, which should be useful for those who need
to write an alternative verification mechanism. For example, we can
use it to implement an unsafe TrustManagerFactory that accepts
self-signed certificates for testing purposes.
- Add InsecureTrustManagerFactory and FingerprintTrustManager for quick
and dirty testing
- Add SelfSignedCertificate class which generates a self-signed X.509
certificate very easily.
- Update all our examples to use SslContext.newClient/ServerContext()
- Found that OpenSslEngine performs unnecessary memory copy - optimized
it.
- SslHandler now logs the chosen cipher suite when handshake is
finished.
Result:
- Cleaner unified API for configuring an SSL client and an SSL server
regardless of its internal implementation.
- When native libraries are available, OpenSSL-based SSLEngine
implementation is selected automatically to take advantage of its
performance benefit.
- Examples take advantage of this modification and thus are cleaner.
118 lines
3.7 KiB
Plaintext
118 lines
3.7 KiB
Plaintext
|
|
The Netty Project
|
|
=================
|
|
|
|
Please visit the Netty web site for more information:
|
|
|
|
* http://netty.io/
|
|
|
|
Copyright 2011 The Netty Project
|
|
|
|
The Netty Project licenses this file to you under the Apache License,
|
|
version 2.0 (the "License"); you may not use this file except in compliance
|
|
with the License. You may obtain a copy of the License at:
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
License for the specific language governing permissions and limitations
|
|
under the License.
|
|
|
|
Also, please refer to each LICENSE.<component>.txt file, which is located in
|
|
the 'license' directory of the distribution file, for the license terms of the
|
|
components that this product depends on.
|
|
|
|
-------------------------------------------------------------------------------
|
|
This product contains the extensions to Java Collections Framework which has
|
|
been derived from the works by JSR-166 EG, Doug Lea, and Jason T. Greene:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.jsr166y.txt (Public Domain)
|
|
* HOMEPAGE:
|
|
* http://gee.cs.oswego.edu/cgi-bin/viewcvs.cgi/jsr166/
|
|
* http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbosscache/experimental/jsr166/
|
|
|
|
This product contains a modified version of Robert Harder's Public Domain
|
|
Base64 Encoder and Decoder, which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.base64.txt (Public Domain)
|
|
* HOMEPAGE:
|
|
* http://iharder.sourceforge.net/current/java/base64/
|
|
|
|
This product contains a modified version of 'JZlib', a re-implementation of
|
|
zlib in pure Java, which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.jzlib.txt (BSD Style License)
|
|
* HOMEPAGE:
|
|
* http://www.jcraft.com/jzlib/
|
|
|
|
This product contains a modified version of 'Webbit', a Java event based
|
|
WebSocket and HTTP server:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.webbit.txt (BSD License)
|
|
* HOMEPAGE:
|
|
* https://github.com/joewalnes/webbit
|
|
|
|
This product optionally depends on 'Protocol Buffers', Google's data
|
|
interchange format, which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.protobuf.txt (New BSD License)
|
|
* HOMEPAGE:
|
|
* http://code.google.com/p/protobuf/
|
|
|
|
This product optionally depends on 'Bouncy Castle Crypto APIs' to generate
|
|
a temporary self-signed X.509 certificate when the JVM does not provide the
|
|
equivalent functionality. It can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.bouncycastle.txt (MIT License)
|
|
* HOMEPAGE:
|
|
* http://www.bouncycastle.org/
|
|
|
|
This product optionally depends on 'SLF4J', a simple logging facade for Java,
|
|
which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.slf4j.txt (MIT License)
|
|
* HOMEPAGE:
|
|
* http://www.slf4j.org/
|
|
|
|
This product optionally depends on 'Apache Commons Logging', a logging
|
|
framework, which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.commons-logging.txt (Apache License 2.0)
|
|
* HOMEPAGE:
|
|
* http://commons.apache.org/logging/
|
|
|
|
This product optionally depends on 'Apache Log4J', a logging framework,
|
|
which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.log4j.txt (Apache License 2.0)
|
|
* HOMEPAGE:
|
|
* http://logging.apache.org/log4j/
|
|
|
|
This product optionally depends on 'JBoss Logging', a logging framework,
|
|
which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.jboss-logging.txt (GNU LGPL 2.1)
|
|
* HOMEPAGE:
|
|
* http://anonsvn.jboss.org/repos/common/common-logging-spi/
|
|
|
|
This product optionally depends on 'Apache Felix', an open source OSGi
|
|
framework implementation, which can be obtained at:
|
|
|
|
* LICENSE:
|
|
* license/LICENSE.felix.txt (Apache License 2.0)
|
|
* HOMEPAGE:
|
|
* http://felix.apache.org/
|
|
|