mirror of
https://github.com/SquidDev-CC/CC-Tweaked
synced 2024-07-03 02:23:20 +00:00
Don't create a TrustManagerFactory
See the discussion in #1352 - Netty uses the system one by default, so no sense creating our own. Also make sure we through the HTTP error every time, not just on the first failure. Otherwise we get cryptic connection dropped errors.
This commit is contained in:
parent
1c120982a7
commit
c9bb534799
|
@ -28,10 +28,8 @@
|
||||||
import javax.annotation.Nullable;
|
import javax.annotation.Nullable;
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import javax.net.ssl.SSLHandshakeException;
|
import javax.net.ssl.SSLHandshakeException;
|
||||||
import javax.net.ssl.TrustManagerFactory;
|
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.KeyStore;
|
|
||||||
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
|
@ -65,46 +63,29 @@ private NetworkUtils() {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final Object sslLock = new Object();
|
private static final Object sslLock = new Object();
|
||||||
private static @Nullable TrustManagerFactory trustManager;
|
|
||||||
private static @Nullable SslContext sslContext;
|
private static @Nullable SslContext sslContext;
|
||||||
private static boolean triedSslContext = false;
|
private static boolean triedSslContext = false;
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
private static TrustManagerFactory getTrustManager() {
|
private static SslContext makeSslContext() {
|
||||||
if (trustManager != null) return trustManager;
|
if (triedSslContext) return sslContext;
|
||||||
synchronized (sslLock) {
|
synchronized (sslLock) {
|
||||||
if (trustManager != null) return trustManager;
|
if (triedSslContext) return sslContext;
|
||||||
|
|
||||||
TrustManagerFactory tmf = null;
|
triedSslContext = true;
|
||||||
try {
|
try {
|
||||||
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
return sslContext = SslContextBuilder.forClient().build();
|
||||||
tmf.init((KeyStore) null);
|
} catch (SSLException e) {
|
||||||
} catch (Exception e) {
|
LOG.error("Cannot construct SSL context", e);
|
||||||
LOG.error("Cannot setup trust manager", e);
|
return sslContext = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return trustManager = tmf;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nullable
|
|
||||||
public static SslContext getSslContext() throws HTTPRequestException {
|
public static SslContext getSslContext() throws HTTPRequestException {
|
||||||
if (sslContext != null || triedSslContext) return sslContext;
|
var ssl = makeSslContext();
|
||||||
synchronized (sslLock) {
|
if (ssl == null) throw new HTTPRequestException("Could not create a secure connection");
|
||||||
if (sslContext != null || triedSslContext) return sslContext;
|
return ssl;
|
||||||
try {
|
|
||||||
return sslContext = SslContextBuilder
|
|
||||||
.forClient()
|
|
||||||
.trustManager(getTrustManager())
|
|
||||||
.build();
|
|
||||||
} catch (SSLException e) {
|
|
||||||
LOG.error("Cannot construct SSL context", e);
|
|
||||||
triedSslContext = true;
|
|
||||||
sslContext = null;
|
|
||||||
|
|
||||||
throw new HTTPRequestException("Cannot create a secure connection");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void reloadConfig() {
|
public static void reloadConfig() {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user