Related to #376: Do not create default SSL client provider when creat…

…ing a server
reactor · Jul 11, 2018 · ddfb93f · ddfb93f
1 parent 911f69e
commit ddfb93f
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 43 deletions.
diff --git a/src/main/java/reactor/netty/http/client/HttpClientConnect.java b/src/main/java/reactor/netty/http/client/HttpClientConnect.java
@@ -28,8 +28,6 @@
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 import javax.annotation.Nullable;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
 
 import io.netty.bootstrap.Bootstrap;
 import io.netty.buffer.ByteBufAllocator;
@@ -64,7 +62,6 @@
 import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler;
 import io.netty.handler.ssl.JdkSslContext;
 import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslHandler;
 import io.netty.util.AsciiString;
 import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.GenericFutureListener;
@@ -201,7 +198,7 @@ public void subscribe(CoreSubscriber<? super Connection> actual) {
 			if (ssl != null) {
 				SslProvider.updateSslSupport(b,
 						SslProvider.addHandlerConfigurator(ssl,
-								DEFAULT_HOSTNAME_VERIFICATION));
+								HttpClientSecure.DEFAULT_HOSTNAME_VERIFICATION));
 			}
 
 			HttpClientHandler handler = new HttpClientHandler(configuration, b.config()
@@ -230,7 +227,7 @@ public void subscribe(CoreSubscriber<? super Connection> actual) {
 				if (handler.activeURI.isSecure()) {
 					if (ssl == null) {
 						finalBootstrap = SslProvider.updateSslSupport(b.clone(),
-								DEFAULT_HTTP_SSL_PROVIDER);
+								HttpClientSecure.defaultClientProvider());
 					}
 					else {
 						finalBootstrap = b.clone();
@@ -803,13 +800,4 @@ protected void initChannel(Channel ch) {
 
 	static final BiFunction<String, Integer, InetSocketAddress> URI_ADDRESS_MAPPER =
 			InetSocketAddressUtil::createUnresolved;
-
-	static final Consumer<? super SslHandler> DEFAULT_HOSTNAME_VERIFICATION = handler -> {
-		SSLEngine sslEngine = handler.engine();
-		SSLParameters sslParameters = sslEngine.getSSLParameters();
-		sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
-		sslEngine.setSSLParameters(sslParameters);
-	};
-
-	static final SslProvider DEFAULT_HTTP_SSL_PROVIDER = SslProvider.addHandlerConfigurator(SslProvider.defaultClientProvider(), DEFAULT_HOSTNAME_VERIFICATION);
 }
diff --git a/src/main/java/reactor/netty/http/client/HttpClientSecure.java b/src/main/java/reactor/netty/http/client/HttpClientSecure.java
@@ -18,15 +18,17 @@
 import java.util.Objects;
 import java.util.function.Consumer;
 import javax.annotation.Nullable;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
 
 import io.netty.handler.codec.http2.Http2SecurityUtil;
 import io.netty.handler.ssl.ApplicationProtocolConfig;
 import io.netty.handler.ssl.ApplicationProtocolNames;
 import io.netty.handler.ssl.OpenSsl;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.ssl.SupportedCipherSuiteFilter;
-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import reactor.netty.tcp.SslProvider;
 import reactor.netty.tcp.TcpClient;
 
@@ -57,6 +59,22 @@ protected TcpClient tcpConfiguration() {
 		return source.tcpConfiguration().secure(sslProviderBuilder);
 	}
 
+	/**
+	 * Return the default client ssl provider
+	 *
+	 * @return default client ssl provider
+	 */
+	public static SslProvider defaultClientProvider() {
+		return SslProvider.addHandlerConfigurator(SslProvider.defaultClientProvider(), DEFAULT_HOSTNAME_VERIFICATION);
+	}
+
+	static final Consumer<? super SslHandler> DEFAULT_HOSTNAME_VERIFICATION = handler -> {
+		SSLEngine sslEngine = handler.engine();
+		SSLParameters sslParameters = sslEngine.getSSLParameters();
+		sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+		sslEngine.setSSLParameters(sslParameters);
+	};
+
 	static final SslContext DEFAULT_CLIENT_HTTP2_CONTEXT;
 	static {
 		SslContext sslCtx;

diff --git a/src/main/java/reactor/netty/tcp/SslProvider.java b/src/main/java/reactor/netty/tcp/SslProvider.java
@@ -86,7 +86,7 @@ public static SslProvider addHandlerConfigurator(
 	 * @return default client ssl provider
 	 */
 	public static SslProvider defaultClientProvider() {
-		return DEFAULT_CLIENT_PROVIDER;
+		return TcpClientSecure.DEFAULT_CLIENT_PROVIDER;
 	}
 
 	/**
@@ -290,18 +290,20 @@ public interface DefaultConfigurationSpec {
 		if (builder.sslContext == null) {
 			SslContextBuilder sslContextBuilder = builder.sslCtxBuilder;
 			switch (builder.type) {
-				case TCP:
-					sslContextBuilder.sslProvider(SSL_PROVIDER);
-					break;
 				case HTTP:
-					sslContextBuilder.sslProvider(SSL_PROVIDER)
-					                 .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
+					sslContextBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
 					                 .applicationProtocolConfig(new ApplicationProtocolConfig(
 					                     ApplicationProtocolConfig.Protocol.ALPN,
 					                     ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
 					                     ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
 					                     ApplicationProtocolNames.HTTP_2,
 					                     ApplicationProtocolNames.HTTP_1_1));
+					// deliberate fall through
+				case TCP:
+					io.netty.handler.ssl.SslProvider sslProvider =
+							OpenSsl.isAlpnSupported() ? io.netty.handler.ssl.SslProvider.OPENSSL :
+							                            io.netty.handler.ssl.SslProvider.JDK;
+					sslContextBuilder.sslProvider(sslProvider);
 					break;
 				case NONE: break; //no default configuration
 			}
@@ -614,27 +616,6 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt)
 	}
 
 	static final Logger log = Loggers.getLogger(SslProvider.class);
-
-	static final SslProvider DEFAULT_CLIENT_PROVIDER;
-
-	static {
-		SslProvider sslProvider;
-		try {
-			sslProvider =
-					SslProvider.builder()
-					           .sslContext(SslContextBuilder.forClient())
-					           .defaultConfiguration(DefaultConfigurationType.TCP)
-					           .build();
-		}
-		catch (Exception e) {
-			sslProvider = null;
-		}
-		DEFAULT_CLIENT_PROVIDER = sslProvider;
-	}
-
-	static final io.netty.handler.ssl.SslProvider SSL_PROVIDER =
-			OpenSsl.isAlpnSupported() ? io.netty.handler.ssl.SslProvider.OPENSSL :
-			                            io.netty.handler.ssl.SslProvider.JDK;
 }
 
 

diff --git a/src/main/java/reactor/netty/tcp/TcpClientSecure.java b/src/main/java/reactor/netty/tcp/TcpClientSecure.java
@@ -21,6 +21,7 @@
 import javax.annotation.Nullable;
 
 import io.netty.bootstrap.Bootstrap;
+import io.netty.handler.ssl.SslContextBuilder;
 
 /**
  * @author Stephane Maldini
@@ -40,7 +41,7 @@ static TcpClient secure(TcpClient client, Consumer<? super SslProvider.SslContex
 	TcpClientSecure(TcpClient client, @Nullable SslProvider provider) {
 		super(client);
 		if (provider == null) {
-			this.sslProvider = SslProvider.DEFAULT_CLIENT_PROVIDER;
+			this.sslProvider = DEFAULT_CLIENT_PROVIDER;
 		}
 		else {
 			this.sslProvider = Objects.requireNonNull(provider, "provider");
@@ -57,4 +58,21 @@ public SslProvider sslProvider(){
 		return this.sslProvider;
 	}
 
+
+	static final SslProvider DEFAULT_CLIENT_PROVIDER;
+
+	static {
+		SslProvider sslProvider;
+		try {
+			sslProvider =
+					SslProvider.builder()
+					           .sslContext(SslContextBuilder.forClient())
+					           .defaultConfiguration(SslProvider.DefaultConfigurationType.TCP)
+					           .build();
+		}
+		catch (Exception e) {
+			sslProvider = null;
+		}
+		DEFAULT_CLIENT_PROVIDER = sslProvider;
+	}
 }