Add SslConfig APIs and fix SNI and SSL hostname bugs (#1387)
Motivation:
The server SSL config APIs for SNI didn't allow configuring SSL associated with each individual SNI host. The client APIs coupled the host name verification algorithm with the non-authoritative peer host/port. This doesn't correctly represent the semantics of SSL.

Modifications:
- Deprecate all APIs related to SecurityConfigurator and secure() builder method. The secure() builder methods require that users call commit(), which is easy to miss if the builder is used in a conditional block, and prototypes of a composable server SNI API result in code that is difficult to read and understand which configurations apply.
- Add SslConfig interface types and builders that can be used to create the ssl configuration independent of the protocol builders. This allows for folks to configure ssl independently and we can overlay any values which may be automatically inferred in the protocol builder (e.g. peerHost on the client, alpn protocols, etc.).
- Server SSL allows for providing SNI configuration, and Netty's DomainWildcardMappingBuilder is used to match hostnames.
- Client side SSL config object removes methods which couple the host name verification algorithm to the non-authoritative peer host/port, and adds new methods which allow setting them independently.
- Update all tests to enable host name verification, and avoid deprecated method use when possible.

Result:
SSL config APIs now correctly represent SNI semantics for client and server. The client SSL config decouples the non-authoritative peer host/port from the verification algorithm. The deprecated types and methods will be removed in a future release.
1 parent 7892210, commit 50079f7
Showing 90 changed files with 2,609 additions and 658 deletions.
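The client-side decoupling described in the commit message, shown as an added example using only the JDK's JSSE classes; it is not code from this commit and does not use the project's SslConfig API. The class name, method name and hostnames are constructed for illustration.

```java
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical helper: three client TLS settings that are set independently.
public final class ClientTlsKnobs {

    /**
     * @param peerHost              advisory (non-authoritative) peer host hint
     * @param peerPort              advisory (non-authoritative) peer port hint
     * @param sniHostname           name to send in the SNI extension, or null to leave the default
     * @param verificationAlgorithm e.g. "HTTPS"; null leaves hostname verification disabled
     */
    static SSLEngine clientEngine(SSLContext ctx, String peerHost, int peerPort,
                                  String sniHostname, String verificationAlgorithm) {
        // The host/port given here are hints only; they do not turn verification on.
        SSLEngine engine = ctx.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        if (sniHostname != null) {
            params.setServerNames(List.<SNIServerName>of(new SNIHostName(sniHostname)));
        }
        // Hostname verification is its own switch, separate from the peer hints.
        params.setEndpointIdentificationAlgorithm(verificationAlgorithm);
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed sample values; same peer hints and SNI name in both engines.
        SSLEngine verified = clientEngine(ctx, "backend.example.test", 8443,
                "backend.example.test", "HTTPS");
        SSLEngine unverified = clientEngine(ctx, "backend.example.test", 8443,
                "backend.example.test", null);

        for (SSLEngine e : List.of(verified, unverified)) {
            SSLParameters p = e.getSSLParameters();
            System.out.println("peer=" + e.getPeerHost() + ":" + e.getPeerPort()
                    + " sni=" + p.getServerNames()
                    + " verification=" + p.getEndpointIdentificationAlgorithm());
        }
    }
}
```

Both engines carry identical peer hints and SNI names, yet only the first has an endpoint identification algorithm set, which is why supplying a peer host must not be read as having enabled hostname verification.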