Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support JDK 1.8.0_252 #964

Merged
merged 9 commits into from
May 13, 2020
Merged

Support JDK 1.8.0_252 #964

merged 9 commits into from
May 13, 2020

Conversation

raboof
Copy link
Member

@raboof raboof commented May 11, 2020

References #946

ignasi35
ignasi35 reviewed May 11, 2020
View reviewed changes
Copy link
Member

@ignasi35 ignasi35 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice that you proved this approach would work! 🙇🏼‍♂️

runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala Outdated
.map(javaCtx => builder.negotiationType(NegotiationType.TLS).sslContext(nettyHttp2SslContext(javaCtx)))
builder = settings.trustManager
.map(trustManager => {
val nettySslContext = GrpcSslContexts.forClient().trustManager(trustManager).build()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then, we'd also invoke .keyManager on the builder here...

runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala
nettySslContextField.set(nettySslContext, javaSslContext)

nettySslContext
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So good to get rid of this!

runtime/src/main/scala/akka/grpc/GrpcClientSettings.scala
new DefaultKeyManagerFactoryWrapper(sslConfigSettings.keyManagerConfig.algorithm),
new DefaultTrustManagerFactoryWrapper(sslConfigSettings.trustManagerConfig.algorithm)).build()
sslContext
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can still use this code but, instead of returning SSLContext return a trustManager and a keyManager build using ssl-config's Default{Key,Trust}ManagerFactoryWrapper.

@raboof raboof marked this pull request as ready for review May 12, 2020 15:25
@ignasi35
Copy link
Member

@raboof WDYT about keyManagers so we support mTLS? Worth adding it here or should we just merge as is (LGTM) and eventually implement support for client-side TLS when the need arises?

@raboof
Support JDK 1.8.0_252
6fa4c6e
@raboof
Allow configuring only the trustmanager rather than the whole SSLContext
8d14460 
This makes it possible to leverage upstreams' OpenSSL support, which is
especially useful now that the JDK implementation doesn't work with JDK
1.8.0-252
@raboof
Use published snapshot
f67fb89 
Not all scripted tests work because they don't have the right resolvers, but
I verified gen-scala-server/00-interop works with 1.8.0_252 with this change.
@raboof
Ignore test that is expected to fail
21f46a6
@raboof
Allow setting TLS without specifying a truststore
ccd5198
@raboof
Allow using the default CA's or setting one explicitly
e6638c5
@raboof
Be less picky about which exception is thrown
49c8ba4
@raboof
'blind' fix for benchmarks
77b54b8
@raboof
mima filter
b5b50ce
@raboof
Copy link
Member Author

raboof commented May 13, 2020

@raboof WDYT about keyManagers so we support mTLS? Worth adding it here or should we just merge as is (LGTM) and eventually implement support for client-side TLS when the need arises?

Sounds useful to add, but let's merge this first

@raboof raboof merged commit 1c7e655 into akka:master May 13, 2020
@raboof raboof mentioned this pull request May 14, 2020
Closed
@ignasi35 ignasi35 mentioned this pull request May 21, 2020
Closed
dwhjames added a commit to dwhjames/akka-grpc that referenced this pull request Aug 3, 2022
@dwhjames
Clean up NettyClientUtils#createNettySslContext
07d6dff 
Inserting a JDK `javax.net.ssl.SSLContext` into Netty originated in commit
https://github.com/richdougherty/akka-grpc/blob/aa05239c6cddcb20dfa0770e8e8e7649e3bbaaef/runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala#L59-L82
in PR akka#266

It was removed in PR akka#964
to address Issue akka#946

It was returned in PR akka#979
to address Issue akka#978

---

Original comment was
```scala
    // FIXME: Create a JdkSslContext using a normal constructor. Need to work out sensible values for all args first.
    // In the meantime, use a Netty SslContextBuild to create a JdkSslContext, then use reflection to patch the
    // object's internal SSLContext. It's not pretty, but it gets something working for now.
```

---

This commit addresses the original `FIXME` comment, and avoids using
deprecated constructors on `io.grpc.netty.shaded.io.netty.handler.ssl.JdkSslContext`
@dwhjames dwhjames mentioned this pull request Aug 3, 2022
Merged
raboof pushed a commit that referenced this pull request Aug 22, 2022
@dwhjames
Clean up NettyClientUtils#createNettySslContext (#1649)
b0ff79e 
Inserting a JDK `javax.net.ssl.SSLContext` into Netty originated in commit
https://github.com/richdougherty/akka-grpc/blob/aa05239c6cddcb20dfa0770e8e8e7649e3bbaaef/runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala#L59-L82
in PR #266

It was removed in PR #964
to address Issue #946

It was returned in PR #979
to address Issue #978

---

Original comment was
```scala
    // FIXME: Create a JdkSslContext using a normal constructor. Need to work out sensible values for all args first.
    // In the meantime, use a Netty SslContextBuild to create a JdkSslContext, then use reflection to patch the
    // object's internal SSLContext. It's not pretty, but it gets something working for now.
```

---

This commit addresses the original `FIXME` comment, and avoids using
deprecated constructors on `io.grpc.netty.shaded.io.netty.handler.ssl.JdkSslContext`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ignasi35 ignasi35 ignasi35 approved these changes

Assignees
No one assigned
Labels
sbt update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@raboof @ignasi35