QPIDJMS-391 Add support for netty OpenSSL implementations
Allow the client to utilize netty openssl features if available and
configured to do so.  The user will need to provide a netty-tcnative
dependency to the classpath such as the boringssl uber jar and set
the transport.useOpenSSL option to true.

The tests use the boringssl library v2.0.12.Final to validate.

Updates to Netty 4.1.28.Final which has some OpenSSL bindings fixes.
tabish121 committed Aug 2, 2018
1 parent 994c5b4 commit d5cde3ed4de43d5c2462930a068da15afa916d1d
Showing 15 changed files with 1,129 additions and 160 deletions.
@@ -40,7 +40,8 @@

<!-- Dependency Versions for this Project -->
<proton-version>0.28.0</proton-version>
<netty-version>4.1.27.Final</netty-version>
<netty-version>4.1.28.Final</netty-version>
<netty-tcnative-version>2.0.12.Final</netty-tcnative-version>
<slf4j-version>1.7.25</slf4j-version>
<geronimo.jms.2.spec.version>1.0-alpha-2</geronimo.jms.2.spec.version>

@@ -156,6 +157,12 @@
<artifactId>netty-codec-http</artifactId>
<version>${netty-version}</version>
</dependency>
<!-- Testing only Uber Jar inclusion -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>${netty-tcnative-version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
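Review bot: The new `netty-tcnative-boringssl-static` entry is described as "Testing only" by its comment, but nothing in the entry enforces that, since it carries a version and no `<scope>`. If this block sits under `<dependencyManagement>` (the enclosing element is outside the hunk), each consuming module must remember to declare `<scope>test</scope>` itself, and one that forgets would pull a statically linked native TLS library onto the client's runtime classpath. Adding `<scope>test</scope>` to this managed entry would make the stated intent the default. I would also extend the comment to say that the bundled BoringSSL is only updated by bumping `netty-tcnative-version`, for example `<!-- Testing only; TLS library fixes arrive via netty-tcnative-version -->`.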
@@ -103,6 +103,11 @@
<artifactId>hadoop-minikdc</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
@@ -47,6 +47,7 @@ public class TransportOptions implements Cloneable {
public static final boolean DEFAULT_VERIFY_HOST = true;
public static final List<String> DEFAULT_DISABLED_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(new String[]{"SSLv2Hello", "SSLv3"}));
public static final int DEFAULT_SSL_PORT = 5671;
public static final boolean DEFAULT_USE_OPENSSL = false;

private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
private static final String JAVAX_NET_SSL_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
@@ -67,6 +68,7 @@ public class TransportOptions implements Cloneable {
private boolean useEpoll = DEFAULT_USE_EPOLL;
private boolean useKQueue = DEFAULT_USE_KQUEUE;
private boolean traceBytes = DEFAULT_TRACE_BYTES;
private boolean useOpenSSL = DEFAULT_USE_OPENSSL;

private String keyStoreLocation;
private String keyStorePassword;
@@ -512,6 +514,21 @@ public Map<String, String> getHttpHeaders() {
return httpHeaders;
}

/**
* @return true if OpenSSL support is enabled for this Transport.
*/
public boolean isUseOpenSSL() {
return useOpenSSL;
}

/**
* @param useOpenSSL
* Configure if the transport should attempt to use OpenSSL
*/
public void setUseOpenSSL(boolean useOpenSSL) {
this.useOpenSSL = useOpenSSL;
}

protected TransportOptions copyOptions(TransportOptions copy) {
copy.setConnectTimeout(getConnectTimeout());
copy.setReceiveBufferSize(getReceiveBufferSize());
@@ -540,6 +557,7 @@ protected TransportOptions copyOptions(TransportOptions copy) {
copy.setContextProtocol(getContextProtocol());
copy.setDefaultSslPort(getDefaultSslPort());
copy.setSslContextOverride(getSslContextOverride());
copy.setUseOpenSSL(isUseOpenSSL());

return copy;
}
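Review bot: The Javadoc on `setUseOpenSSL` says only that the transport "should attempt to use OpenSSL", which leaves out what a caller who enables it for TLS needs to know. It does not say whether a missing netty-tcnative library leads to a silent fall back to the JDK provider or to a failed connection, nor whether `sslContextOverride` (copied on the line just above the new `copy.setUseOpenSSL(isUseOpenSSL())`) takes precedence over the flag; neither is visible in this file. I would extend the setter's Javadoc to state the classpath requirement, the behaviour when the native library is unavailable, and the interaction with `sslContextOverride` and `contextProtocol`. It is also worth confirming and documenting that JSSE-style names such as the `"SSLv2Hello"` entry in `DEFAULT_DISABLED_PROTOCOLS` are honoured by the OpenSSL engine, so that enabling the option cannot quietly widen the protocol set. The middle of `copyOptions` falls between the two hunks shown.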
