mirror of
https://github.com/SquidDev-CC/CC-Tweaked
synced 2025-10-26 19:37:39 +00:00
Don't create a TrustManagerFactory
See the discussion in #1352 - Netty uses the system one by default, so no sense creating our own. Also make sure we through the HTTP error every time, not just on the first failure. Otherwise we get cryptic connection dropped errors.
This commit is contained in:
Jonathan Coates
@@ -28,10 +28,8 @@ import org.slf4j.LoggerFactory;
|
|||||||
import javax.annotation.Nullable;
|
import javax.annotation.Nullable;
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import javax.net.ssl.SSLHandshakeException;
|
import javax.net.ssl.SSLHandshakeException;
|
||||||
import javax.net.ssl.TrustManagerFactory;
|
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.KeyStore;
|
|
||||||
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
@@ -65,46 +63,29 @@ public final class NetworkUtils {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static final Object sslLock = new Object();
|
private static final Object sslLock = new Object();
|
||||||
private static @Nullable TrustManagerFactory trustManager;
|
|
||||||
private static @Nullable SslContext sslContext;
|
private static @Nullable SslContext sslContext;
|
||||||
private static boolean triedSslContext = false;
|
private static boolean triedSslContext = false;
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
private static TrustManagerFactory getTrustManager() {
|
private static SslContext makeSslContext() {
|
||||||
if (trustManager != null) return trustManager;
|
if (triedSslContext) return sslContext;
|
||||||
synchronized (sslLock) {
|
synchronized (sslLock) {
|
||||||
if (trustManager != null) return trustManager;
|
if (triedSslContext) return sslContext;
|
||||||
|
|
||||||
TrustManagerFactory tmf = null;
|
triedSslContext = true;
|
||||||
try {
|
try {
|
||||||
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
return sslContext = SslContextBuilder.forClient().build();
|
||||||
tmf.init((KeyStore) null);
|
} catch (SSLException e) {
|
||||||
} catch (Exception e) {
|
LOG.error("Cannot construct SSL context", e);
|
||||||
LOG.error("Cannot setup trust manager", e);
|
return sslContext = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return trustManager = tmf;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nullable
|
|
||||||
public static SslContext getSslContext() throws HTTPRequestException {
|
public static SslContext getSslContext() throws HTTPRequestException {
|
||||||
if (sslContext != null || triedSslContext) return sslContext;
|
var ssl = makeSslContext();
|
||||||
synchronized (sslLock) {
|
if (ssl == null) throw new HTTPRequestException("Could not create a secure connection");
|
||||||
if (sslContext != null || triedSslContext) return sslContext;
|
return ssl;
|
||||||
try {
|
|
||||||
return sslContext = SslContextBuilder
|
|
||||||
.forClient()
|
|
||||||
.trustManager(getTrustManager())
|
|
||||||
.build();
|
|
||||||
} catch (SSLException e) {
|
|
||||||
LOG.error("Cannot construct SSL context", e);
|
|
||||||
triedSslContext = true;
|
|
||||||
sslContext = null;
|
|
||||||
|
|
||||||
throw new HTTPRequestException("Cannot create a secure connection");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void reloadConfig() {
|
public static void reloadConfig() {
|
||||||
|
|||||||
Reference in New Issue
Block a user