-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL improvements #4468
SSL improvements #4468
Conversation
@kabir have a look, it changes the temporary supplied SSLContext machinery for a cleaner API, |
@vietj Looks good. My only concern is what the timeframe is to get this in? Since I have some work further down the chain (in SR Reactive Messaging) which needs merging/adjusting. |
I think the next release. I'm working actively on it.
…On Wed, Aug 31, 2022 at 11:25 AM Kabir Khan ***@***.***> wrote:
@vietj <https://github.com/vietj> Looks good. My only concern is what the
timeframe is to get this in? Since I have some work further down the chain
(in SR Reactive Messaging) which needs merging/adjusting.
CC @cescoffier <https://github.com/cescoffier> @ozangunalp
<https://github.com/ozangunalp>
—
Reply to this email directly, view it on GitHub
<#4468 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABXDCWEICERUA6KOY5TVTDV34QKPANCNFSM6AAAAAAQAZVVLA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@vietj ok, great - the needed work in SmallRye Reactive Messaging will need updating. But since that isn't merged yet, assuming this comes soon-ish, I can update that PR. |
@kabir this is I think the most up to date PR for the feature Now the vertx-proton and vertx-amqp-client changes are not necessary anymore as the SSLContext can be configured from the AmqpClientOptions options = new AmqpClientOptions()
.setSsl(true)
.setHost("localhost")
.setPort(server.actualPort())
.setSslEngineOptions(new JdkSSLEngineOptions() {
@Override
public SslContextFactory sslContextFactory() {
return new SslContextFactory() {
@Override
public SslContext create() throws SSLException {
return new JdkSslContext(
sslContext,
true,
null,
IdentityCipherSuiteFilter.INSTANCE,
ApplicationProtocolConfig.DISABLED,
io.netty.handler.ssl.ClientAuth.NONE,
null,
false);
}
};
}
});
AmqpClient client = AmqpClient.create(vertx, options); After this is merged, I'll revert the changes in vertx-proton and vertx-amqp-client (but I'll keep the SSL tests). |
Thanks @vietj - the changes look good to me |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added some comments from my perspective as a user of the toolkit who is trying to learn more about the internals.
@@ -226,6 +212,26 @@ private void connect(SocketAddress remoteAddress, String serverName, Promise<Net | |||
} | |||
|
|||
public void connectInternal(ProxyOptions proxyOptions, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might be helpful to add JavaDoc to this method and the next?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will do
} | ||
|
||
private synchronized io.netty.util.concurrent.Future<Channel> listen(SocketAddress localAddress, ContextInternal context) { | ||
private synchronized Future<Channel> listen(SocketAddress localAddress, ContextInternal context) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am having issues tracing through this method and understanding the reasoning. Any chance of adding comments or decomposing into smaller methods?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll add comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the additional comments and documentation @vietj - Looks good!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vietj great job
…let the channel configurator create an SslHandler from the SslContext
5466a8b
to
bff305d
Compare
Signed-off-by: Thomas Segismont <tsegismont@gmail.com>
Signed-off-by: Thomas Segismont <tsegismont@gmail.com>
Signed-off-by: Thomas Segismont <tsegismont@gmail.com>
Signed-off-by: Thomas Segismont <tsegismont@gmail.com> Signed-off-by: Thomas Segismont <tsegismont@gmail.com>
A set of improvements for SSL handling
NetClient
as validation is asynchronousSslContext
is now delegated to an SPI to enable alternative way to create anSslContext
(e.g reuse an existingSSLContext
) provided on theSSLEngineOptions
classesSSLEngineOptions
configuration mechanismSslHandler
orSniHandler
) is now created by theSSLHelper
instead of the pipeline setupThe SPI will be documented in the Vert.x Advanced Guide
Thanks @MikeEdgar for the SSL blocking contribution