mirror of
https://github.com/SquidDev-CC/CC-Tweaked
synced 2024-10-01 08:20:47 +00:00
Don't create a TrustManagerFactory
See the discussion in #1352 - Netty uses the system one by default, so no sense creating our own. Also make sure we throw the HTTP error every time, not just on the first failure. Otherwise we get cryptic connection dropped errors.
parent
1c120982a7
commit
c9bb534799
@ -28,10 +28,8 @@ import org.slf4j.LoggerFactory;
|
|||||||
import javax.annotation.Nullable;
|
import javax.annotation.Nullable;
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import javax.net.ssl.SSLHandshakeException;
|
import javax.net.ssl.SSLHandshakeException;
|
||||||
import javax.net.ssl.TrustManagerFactory;
|
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.KeyStore;
|
|
||||||
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
@ -65,46 +63,29 @@ public final class NetworkUtils {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static final Object sslLock = new Object();
|
private static final Object sslLock = new Object();
|
||||||
private static @Nullable TrustManagerFactory trustManager;
|
|
||||||
private static @Nullable SslContext sslContext;
|
private static @Nullable SslContext sslContext;
|
||||||
private static boolean triedSslContext = false;
|
private static boolean triedSslContext = false;
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
private static TrustManagerFactory getTrustManager() {
|
private static SslContext makeSslContext() {
|
||||||
if (trustManager != null) return trustManager;
|
if (triedSslContext) return sslContext;
|
||||||
synchronized (sslLock) {
|
synchronized (sslLock) {
|
||||||
if (trustManager != null) return trustManager;
|
if (triedSslContext) return sslContext;
|
||||||
|
|
||||||
TrustManagerFactory tmf = null;
|
triedSslContext = true;
|
||||||
try {
|
try {
|
||||||
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
return sslContext = SslContextBuilder.forClient().build();
|
||||||
tmf.init((KeyStore) null);
|
|
||||||
} catch (Exception e) {
|
|
||||||
LOG.error("Cannot setup trust manager", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
return trustManager = tmf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Nullable
|
|
||||||
public static SslContext getSslContext() throws HTTPRequestException {
|
|
||||||
if (sslContext != null || triedSslContext) return sslContext;
|
|
||||||
synchronized (sslLock) {
|
|
||||||
if (sslContext != null || triedSslContext) return sslContext;
|
|
||||||
try {
|
|
||||||
return sslContext = SslContextBuilder
|
|
||||||
.forClient()
|
|
||||||
.trustManager(getTrustManager())
|
|
||||||
.build();
|
|
||||||
} catch (SSLException e) {
|
} catch (SSLException e) {
|
||||||
LOG.error("Cannot construct SSL context", e);
|
LOG.error("Cannot construct SSL context", e);
|
||||||
triedSslContext = true;
|
return sslContext = null;
|
||||||
sslContext = null;
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
throw new HTTPRequestException("Cannot create a secure connection");
|
public static SslContext getSslContext() throws HTTPRequestException {
|
||||||
}
|
var ssl = makeSslContext();
|
||||||
}
|
if (ssl == null) throw new HTTPRequestException("Could not create a secure connection");
|
||||||
|
return ssl;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void reloadConfig() {
|
public static void reloadConfig() {
|
||||||
|
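Review bot: In `makeSslContext`, `triedSslContext = true` is written before `sslContext` is assigned, and the first `if (triedSslContext) return sslContext;` runs outside `sslLock`. A second thread that calls in while the first is still building can therefore read the flag as true and get `null` back, and `getSslContext` then throws "Could not create a secure connection" even though the build is about to succeed. Neither field is `volatile` in the visible declarations, so the unsynchronized read has no visibility guarantee either. Publish the flag last: declare `private static volatile boolean triedSslContext = false;` and move the assignment into a `finally { triedSslContext = true; }` on the try block. The race fails closed (a spurious error, not a weakened certificate check), but it looks like the same kind of intermittent connection failure this commit sets out to remove.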