Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IllegalAccessError accessing field JdkSslContext.SUPPORTED_CIPHERS when Netty and AHC sit in different ClassLoaders #1382

Closed
jamesnetherton opened this issue Mar 29, 2017 · 1 comment
Closed

IllegalAccessError accessing field JdkSslContext.SUPPORTED_CIPHERS when Netty and AHC sit in different ClassLoaders #1382

jamesnetherton opened this issue Mar 29, 2017 · 1 comment
Labels
Defect
Milestone
2.0.32

Comments

@jamesnetherton
Copy link

Usage of NettySslPackageAccessor presents some problems in environments where multiple ClassLoaders are in use.

Within an OSGi or JavaEE container, it's not unreasonable to expect that io.netty.handler.ssl.NettySslPackageAccessor and io.netty.handler.ssl.JdkSslContext will be loaded by different ClassLoaders (since they're located in separate JARs).

If this is the case, the attempt access package-private static field JdkSslContext.SUPPORTED_CIPHERS will fail with an IllegalAccessError since the package-private fields are 'scoped' at the ClassLoader level. Here's an example stack trace when this scenario plays out on JBoss WildFly:

java.lang.IllegalAccessError: tried to access field io.netty.handler.ssl.JdkSslContext.SUPPORTED_CIPHERS from class io.netty.handler.ssl.NettySslPackageAccessor
	at io.netty.handler.ssl.NettySslPackageAccessor.jdkSupportedCipherSuites(NettySslPackageAccessor.java:24)
	at org.asynchttpclient.config.AsyncHttpClientConfigDefaults.defaultEnabledCipherSuites(AsyncHttpClientConfigDefaults.java:85)
	at org.asynchttpclient.DefaultAsyncHttpClientConfig$Builder.<init>(DefaultAsyncHttpClientConfig.java:635)
	at org.asynchttpclient.DefaultAsyncHttpClient.<init>(DefaultAsyncHttpClient.java:67)
@slandelle
Copy link
Contributor

Hi,

I personally have no usage for OSGi nor JEE, so fixing this is not a priority for me, all the more as I'm pretty swamped.
If you want to get this fixed, I suggest you provide a PR to Netty to provide a public API for exposing the Ciphers they support (I guess they don't want to expose their internal mutable array). If you do so, I'll gladly integrate.

Cheers,

@slandelle slandelle changed the title IllegalAccessError accessing field JdkSslContext.SUPPORTED_CIPHERS IllegalAccessError accessing field JdkSslContext.SUPPORTED_CIPHERS when Netty and AHC sit in different ClassLoaders Mar 30, 2017
@slandelle slandelle added this to the 2.0.32 milestone Apr 24, 2017
slandelle added a commit that referenced this issue Apr 24, 2017
@slandelle
Drop NettySslPackageAccessor, close #1382
78a64f4 
Motivation:

* mess up with provided SslContext
* crash when netty and ahc are in different classloaders

Modifications:

* Drop NettySslPackageAccessor
* Revert to empty conf to use Netty default behavior (only Netty
recommended ciphers are available by default)

Result:

Don’t override provided SslContext behavior.
No more crash when netty and ahc sits in different classloaders
@mkleymenov mkleymenov mentioned this issue Nov 17, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Defect
Projects
None yet
Milestone
2.0.32
Development

No branches or pull requests
2 participants
@slandelle @jamesnetherton