} else { System.out.println(" [FAIL] Open SSL is NOT available"); if (OpenSsl.unavailabilityCause() != null) { System.out.println(" Open SSL Unavailability cause:"); OpenSsl.unavailabilityCause().printStackTrace(System.out);
/**
 * Verifies that Netty's native OpenSSL binding loaded in this environment.
 *
 * <p>The check is gated on the {@code allowOpenSSL} flag: when the flag is false the
 * JUnit assumption fails and the test is reported as skipped rather than failed, so a
 * green run does not by itself prove that the OpenSSL code path was exercised.
 */
@Test
public void testEnsureOpenSSLAvailability() {
    Assume.assumeTrue(allowOpenSSL);

    // Render the load failure (or "null" when there is none) as the assertion message
    // so a red build shows why the native library could not be used.
    final String failureDetail = String.valueOf(OpenSsl.unavailabilityCause());
    final boolean openSslLoaded = OpenSsl.isAvailable();
    Assert.assertTrue(failureDetail, openSslLoaded);
}
if (!OpenSsl.isAvailable()) { VertxException ex = new VertxException("OpenSSL is not available"); Throwable cause = OpenSsl.unavailabilityCause(); if (cause != null) { ex.initCause(cause);
/**
 * Resolves the configured provider name to a Netty {@link SslProvider}.
 *
 * <p>Only the name {@code "OpenSSL"} (case-insensitive, surrounding whitespace ignored)
 * selects the native provider; every other value selects the JDK provider. If OpenSSL
 * is requested but cannot be loaded, the method does not fail: it logs the cause at
 * WARN and falls back to the JDK provider. Operators who require the native engine
 * must therefore watch for that warning, because the connection will still come up.
 *
 * @param sslProvider the configured provider name; a {@code null} value throws
 *                    {@link NullPointerException} from the {@code trim()} call
 * @return {@link SslProvider#OPENSSL} when requested and available, otherwise
 *         {@link SslProvider#JDK}
 */
private SslProvider getTLSProvider(String sslProvider) {
    final boolean openSslRequested = "OpenSSL".equalsIgnoreCase(sslProvider.trim());

    if (openSslRequested) {
        if (OpenSsl.isAvailable()) {
            LOG.info("Security provider - OpenSSL");
            return SslProvider.OPENSSL;
        }
        // Requested but not loadable: record why before taking the JDK fallback below.
        Throwable causeUnavailable = OpenSsl.unavailabilityCause();
        LOG.warn("OpenSSL Unavailable: ", causeUnavailable);
    }

    LOG.info("Security provider - JDK");
    return SslProvider.JDK;
}
if (!OpenSsl.isAvailable()) { VertxException ex = new VertxException("OpenSSL is not available"); Throwable cause = OpenSsl.unavailabilityCause(); if (cause != null) { ex.initCause(cause);
/**
 * Builds the server/client {@link SslContext} pairs for the parameterized test.
 *
 * <p>The client side always uses the JDK engine; the server side uses OpenSSL only.
 * Each pair is added 32 times so the same combination is run repeatedly.
 *
 * <p>NOTE(review): the server list is filled only inside the OpenSSL-available branch,
 * so on a machine without the native library this method returns an empty collection
 * and the suite runs zero cases while still reporting success. The warning logged
 * below is the only trace of that lost coverage.
 *
 * @return one {@code {serverContext, clientContext}} array per test invocation
 * @throws Exception if a context cannot be created from the certificate or key file
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> clientContexts = new ArrayList<SslContext>();
    clientContexts.add(new JdkSslClientContext(CERT_FILE));

    List<SslContext> serverContexts = new ArrayList<SslContext>();
    if (OpenSsl.isAvailable()) {
        serverContexts.add(new OpenSslServerContext(CERT_FILE, KEY_FILE));
    } else {
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    }

    List<Object[]> params = new ArrayList<Object[]>();
    for (SslContext server : serverContexts) {
        for (SslContext client : clientContexts) {
            for (int repeat = 0; repeat < 32; repeat++) {
                params.add(new Object[] { server, client });
            }
        }
    }
    return params;
}
/**
 * Logs which TLS engine is in use and warns about weaknesses of the loaded OpenSSL.
 *
 * <p>When OpenSSL is available, the version is logged at INFO, an outdated version and
 * missing hostname-verification support are each logged at WARN, and the available
 * cipher suites are logged at DEBUG. When it is not available, the reason is logged at
 * INFO and nothing else happens. This method only reports; it never rejects a
 * configuration.
 *
 * <p>NOTE(review): the version threshold compared against is {@code 0x10002000L},
 * while the warning text recommends 1.0.2k or later. Confirm that the constant matches
 * the release the message names.
 */
private void logOpenSSLInfos() {
    if (!OpenSsl.isAvailable()) {
        log.info("OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of "
                + OpenSsl.unavailabilityCause());
        return;
    }

    final String versionText = OpenSsl.versionString();
    log.info("OpenSSL " + versionText + " (" + OpenSsl.version() + ") available");

    if (OpenSsl.version() < 0x10002000L) {
        log.warn(
                "Outdated OpenSSL version detected. You should update to 1.0.2k or later. Currently installed: "
                        + versionText);
    }

    // Without native hostname validation a peer certificate can be accepted for the
    // wrong host unless the check is done elsewhere; surface that loudly.
    if (!OpenSsl.supportsHostnameValidation()) {
        log.warn("Your OpenSSL version " + versionText
                + " does not support hostname verification. You should update to 1.0.2k or later.");
    }

    log.debug("OpenSSL available ciphers " + OpenSsl.availableOpenSslCipherSuites());
}
/**
 * Builds every server/client {@link SslContext} combination for the parameterized test.
 *
 * <p>A JDK-engine context is always created for both sides. OpenSSL-engine contexts are
 * added for both sides only when the native library is available, so the result holds
 * one pair without OpenSSL and four pairs with it. When OpenSSL is missing, the only
 * signal is the warning logged here; the JDK-only pair still runs.
 *
 * @return one {@code {serverContext, clientContext}} array per test invocation
 * @throws Exception if a context cannot be built from the certificate or key file
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> serverContexts = new ArrayList<SslContext>();
    SslContext jdkServer = SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
            .sslProvider(SslProvider.JDK)
            .build();
    serverContexts.add(jdkServer);

    List<SslContext> clientContexts = new ArrayList<SslContext>();
    SslContext jdkClient = SslContextBuilder.forClient()
            .sslProvider(SslProvider.JDK)
            .trustManager(CERT_FILE)
            .build();
    clientContexts.add(jdkClient);

    if (OpenSsl.isAvailable()) {
        SslContext nativeServer = SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
                .sslProvider(SslProvider.OPENSSL)
                .build();
        serverContexts.add(nativeServer);

        SslContext nativeClient = SslContextBuilder.forClient()
                .sslProvider(SslProvider.OPENSSL)
                .trustManager(CERT_FILE)
                .build();
        clientContexts.add(nativeClient);
    } else {
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    }

    // Cartesian product: every server engine is paired with every client engine.
    List<Object[]> params = new ArrayList<Object[]>();
    for (SslContext server : serverContexts) {
        for (SslContext client : clientContexts) {
            params.add(new Object[] { server, client });
        }
    }
    return params;
}
/**
 * Asserts that OpenSSL is available unless the environment marks it as optional.
 *
 * <p>The environment variable {@code SG_TEST_OPENSSL_OPT} controls the check. Only a
 * value that {@link Boolean#parseBoolean(String)} reads as {@code true} relaxes it;
 * an unset variable or any other value keeps the assertion mandatory. With the variable
 * set to true the test passes without checking anything, so a CI job that sets it gives
 * no evidence that the native TLS engine was loaded.
 */
@Test
public void testEnsureOpenSSLAvailability() {
    final String optionalFlag = System.getenv("SG_TEST_OPENSSL_OPT");
    System.out.println("SG_TEST_OPENSSL_OPT "+optionalFlag);

    if (Boolean.parseBoolean(optionalFlag)) {
        System.out.println("OpenSSL can be available");
        return;
    }

    System.out.println("OpenSSL must be available");
    // The message carries the load failure so the report shows why OpenSSL is missing.
    Assert.assertTrue("OpenSSL not available: "+String.valueOf(OpenSsl.unavailabilityCause()), OpenSsl.isAvailable());
}
/**
 * Decides whether the Netty OpenSSL engine can be used for the given transport
 * configuration.
 *
 * <p>OpenSSL is accepted only when it was requested and none of the following applies:
 * the native library is unavailable, the user supplied an SSLContext override, the
 * library cannot work with a KeyManagerFactory, host verification is enabled but the
 * library cannot validate hostnames, or a key alias is configured. Refusing OpenSSL in
 * the host-verification case means the method never approves an engine that would
 * skip a requested hostname check.
 *
 * <p>Every refusal is logged at DEBUG only, so at default log levels nothing shows
 * that a request for OpenSSL was declined.
 *
 * @param options
 *        The configuration of the Transport being created.
 *
 * @return true if OpenSSL support is available and usable given the requested configuration.
 */
public static boolean isOpenSSLPossible(TransportOptions options) {
    if (!options.isUseOpenSSL()) {
        return false;
    }

    if (!OpenSsl.isAvailable()) {
        LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause());
        return false;
    }

    if (options.getSslContextOverride() != null) {
        LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied.");
        return false;
    }

    if (!OpenSsl.supportsKeyManagerFactory()) {
        LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used.");
        return false;
    }

    // Hostname verification was asked for: decline rather than run without it.
    if (options.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) {
        LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version.");
        return false;
    }

    if (options.getKeyAlias() != null) {
        LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL.");
        return false;
    }

    LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString());
    return true;
}
/**
 * Produces the server/client {@link SslContext} pairs that parameterize the test.
 *
 * <p>Both sides always get a JDK-engine context. When the native library is available,
 * both sides also get an OpenSSL-engine context, and the test then covers all four
 * engine combinations. Without it only the JDK/JDK pair is returned and a warning with
 * the unavailability cause is logged.
 *
 * @return one {@code {serverContext, clientContext}} array per test invocation
 * @throws Exception if a context cannot be built from the certificate or key file
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> serverContexts = new ArrayList<SslContext>();
    SslContext jdkServer = SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
            .sslProvider(SslProvider.JDK)
            .build();
    serverContexts.add(jdkServer);

    List<SslContext> clientContexts = new ArrayList<SslContext>();
    SslContext jdkClient = SslContextBuilder.forClient()
            .sslProvider(SslProvider.JDK)
            .trustManager(CERT_FILE)
            .build();
    clientContexts.add(jdkClient);

    if (OpenSsl.isAvailable()) {
        SslContext nativeServer = SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
                .sslProvider(SslProvider.OPENSSL)
                .build();
        serverContexts.add(nativeServer);

        SslContext nativeClient = SslContextBuilder.forClient()
                .sslProvider(SslProvider.OPENSSL)
                .trustManager(CERT_FILE)
                .build();
        clientContexts.add(nativeClient);
    } else {
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    }

    // Pair each server engine with each client engine.
    List<Object[]> params = new ArrayList<Object[]>();
    for (SslContext server : serverContexts) {
        for (SslContext client : clientContexts) {
            params.add(new Object[] { server, client });
        }
    }
    return params;
}
/**
 * Decides whether the Netty OpenSSL engine can be used for the given transport
 * configuration.
 *
 * <p>The answer is true only when OpenSSL was requested, the native library loaded,
 * no SSLContext override was supplied, the library supports a KeyManagerFactory, host
 * verification (if enabled) is supported by the library, and no key alias is set.
 * Declining OpenSSL when hostname validation is unsupported keeps a requested host
 * check from being dropped by the engine choice.
 *
 * <p>Each reason for declining is logged at DEBUG only; raise the log level for this
 * class when diagnosing why a deployment is not using the native engine.
 *
 * @param options
 *        The configuration of the Transport being created.
 *
 * @return true if OpenSSL support is available and usable given the requested configuration.
 */
public static boolean isOpenSSLPossible(TransportOptions options) {
    if (!options.isUseOpenSSL()) {
        return false;
    }

    if (!OpenSsl.isAvailable()) {
        LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause());
        return false;
    }

    if (options.getSslContextOverride() != null) {
        LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied.");
        return false;
    }

    if (!OpenSsl.supportsKeyManagerFactory()) {
        LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used.");
        return false;
    }

    // Hostname verification was asked for: decline rather than run without it.
    if (options.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) {
        LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version.");
        return false;
    }

    if (options.getKeyAlias() != null) {
        LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL.");
        return false;
    }

    LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString());
    return true;
}
.build()); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
// Writes the state of the native OpenSSL binding into the builder: numeric version,
// version string, the reason it could not be loaded (empty string when there is none),
// and whether a KeyManagerFactory is supported.
// NOTE(review): these fields reveal the exact TLS library version and, through the
// cause's toString(), details of the load failure. Where the builder output is served
// is not visible here; confirm it is only reachable by authorized users.
builder.field("ssl_openssl_version", OpenSsl.version());
builder.field("ssl_openssl_version_string", OpenSsl.versionString());
Throwable openSslUnavailCause = OpenSsl.unavailabilityCause();
// Only the cause's toString() is emitted, not its stack trace.
builder.field("ssl_openssl_non_available_cause", openSslUnavailCause==null?"":openSslUnavailCause.toString());
builder.field("ssl_openssl_supports_key_manager_factory", OpenSsl.supportsKeyManagerFactory());
/**
 * Checks that an HTTP/2 client negotiated through TLS/ALPN can store a value in the
 * REST cache.
 *
 * <p>The test is skipped from JDK 10 on and throws {@link IllegalStateException} when
 * the OpenSSL binding reports no ALPN support. It then starts a REST server with a
 * PKCS12 keystore, sends one POST and expects a single 200 response and one cache
 * entry.
 *
 * <p>NOTE(review): the guard tests ALPN support, but its message says OpenSSL is not
 * present; an OpenSSL build that loads without ALPN would produce the same text.
 *
 * @throws Exception if the server or client cannot be started or the request fails
 */
@Test
public void shouldUpgradeUsingALPN() throws Exception {
    SkipTestNG.skipSinceJDK(10);

    // TODO: OpenSSL ALPN doesn't seem to work. Restructure the test to use internal JDK ALPN
    final boolean alpnUsable = OpenSsl.isAlpnSupported();
    if (!alpnUsable) {
        throw new IllegalStateException("OpenSSL is not present, can not test TLS/ALPN support. Version: " + OpenSsl.versionString() + " Cause: " + OpenSsl.unavailabilityCause());
    }

    // given: a TLS-enabled server and an ALPN-capable HTTP/2 client on the same keystore
    restServer = RestServerHelper.defaultRestServer("http2testcache")
            .withKeyStore(KEY_STORE_PATH, "secret", "pkcs12")
            .start(TestResourceTracker.getCurrentTestShortName());

    client = NettyHttpClient.newHttp2ClientWithALPN(KEY_STORE_PATH, "secret");
    client.start(restServer.getHost(), restServer.getPort());

    byte[] payload = "test".getBytes(CharsetUtil.UTF_8);
    FullHttpRequest putValueInCacheRequest =
            new DefaultFullHttpRequest(HTTP_1_1, POST, "/rest/http2testcache/test", wrappedBuffer(payload));

    // when
    client.sendRequest(putValueInCacheRequest);
    Queue<FullHttpResponse> responses = client.getResponses();

    // then: exactly one successful response, and the value landed in the cache
    Assertions.assertThat(responses).hasSize(1);
    int statusCode = responses.element().status().code();
    Assertions.assertThat(statusCode).isEqualTo(200);
    Assertions.assertThat(restServer.getCacheManager().getCache("http2testcache").size()).isEqualTo(1);
}
@Test public void shouldUpgradeThroughALPN() throws Exception { if (!OpenSsl.isAlpnSupported()) { throw new IllegalStateException("OpenSSL is not present, can not test TLS/ALPN support. Version: " + OpenSsl.versionString() + " Cause: " + OpenSsl.unavailabilityCause());
@Test public void shouldUpgradeToHotRodThroughALPN() throws Exception { if (!OpenSsl.isAlpnSupported()) { throw new IllegalStateException("OpenSSL is not present, can not test TLS/ALPN support. Version: " + OpenSsl.versionString() + " Cause: " + OpenSsl.unavailabilityCause());