Add support for Conscrypt with Netty#3401
Conversation
ejona86
force-pushed
the
netty-conscrypt
branch
2 times, most recently
from
58b2adb to
ba55504
Compare
ejona86
force-pushed
the
netty-conscrypt
branch
from
ba55504 to
97e8e85
Compare
ejona86
force-pushed
the
netty-conscrypt
branch
from
97e8e85 to
0126774
Compare
ejona86
added
the
kokoro:force-run
kokoro-team
removed
the
kokoro:force-run
ericgribkoff
left a comment
ericgribkoff
left a comment
There was a problem hiding this comment.
Sorry for the delay. LGTM, just a couple very minor comments.
| private static final String SUN_PROVIDER_NAME = "SunJSSE"; | ||
| private static final Method IS_CONSCRYPT_PROVIDER; | ||
|
|
||
| static { |
There was a problem hiding this comment.
Should this be wrapped in a function to provide an easier to understand stack trace if this ends up throwing?
There was a problem hiding this comment.
I could, although I find it more confusing to have static methods that are called before static initialization completes. It's necessary and helpful at times, but when unnecessary I try to avoid it as I find it to be bug-prone.
| logger.log(Level.FINE, "Selecting JDK with provider {0}", provider); | ||
| return SslProvider.JDK; | ||
| } | ||
| logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)", |
There was a problem hiding this comment.
Do we expect the IllegalStateException to be caught somewhere? It looks like in the current flow this propagates back through the NettyChannelBuilder, in which case it seems a little confusing to say "(this may be normal)" for all of these when we're about to fail. I think the intent is that it might be normal for two out of the three to be missing, but the current message seems to imply it's ok for all of them to be missing. Maybe add an initial "One of the following TLS ALPN providers must be available:" log statement and drop the "(this may be normal)" text?
There was a problem hiding this comment.
Spoke offline. The main reason I didn't do that is because then the error is reported in two places: the log message and the exception. Right now the log messages are just informational and it's only after you get the exception that you can look at them and think "these might be useful."
ejona86
force-pushed
the
netty-conscrypt
branch
from
af43ecf to
61826ad
Compare
|
OkHttp+Conscrypt+Windows is flaky. I've reverted the change to use Conscrypt in interop-testing's unit tests and the test client; we continue to use Jetty ALPN there for the moment. |
ejona86
force-pushed
the
netty-conscrypt
branch
from
61826ad to
f4f6c31
Compare
3 participants
The commits will be kept separate when merging.
Since Conscrypt has had some breaking changes, this should probably wait until Conscrypt 1.0 is released to avoid breakage. That implies there will be some changes still to this PR before it is merged, but they can't be done at this time and are relatively small in scope.