Make OpenSSL engine configurable

Question

Make OpenSSL engine configurable

SercanKaraoglu opened this issue 5 months ago · comments

Here SSL is initialized with static null value https://github.com/netty/netty-tcnative/blob/main/openssl-classes/src/main/java/io/netty/internal/tcnative/Library.java#L176
Instead make this configurable via for example jvm parameters so that users can customize OpenSSL engines

Norman Maurer · Answer 1 · Sat Mar 02 2024 04:41:26 GMT+0800 (China Standard Time)

There is another constructor you can use: https://github.com/netty/netty-tcnative/blob/main/openssl-classes/src/main/java/io/netty/internal/tcnative/Library.java#L187

Sercan Karaoglu · Answer 2 · Sat Mar 02 2024 04:44:11 GMT+0800 (China Standard Time)

from end user point of view this is how I am initializing right now:

getChannelInitializer(workerGroup, handler,
                                SslContextBuilder.forClient()
                                        .sslProvider(SslProvider.OPENSSL_REFCNT)
                                        .trustManager(InsecureTrustManagerFactory.INSTANCE)
                                        .build()

How can I set it to use spesific engine then?

Norman Maurer · Answer 3 · Sat Mar 02 2024 04:47:07 GMT+0800 (China Standard Time)

You can use -Dio.netty.handler.ssl.openssl.engine=enginename.

Sercan Karaoglu · Answer 4 · Sat Mar 02 2024 04:48:00 GMT+0800 (China Standard Time)

awesome! that's what I was looking for. Thank you