我正在努力解决Netty 5.0.0Alpha1的问题。目前,我正在努力升级我们的一种API以使用SSL。当我按示例所示设置所有内容时,服务器将处理一个请求并崩溃。基本上,我能够在firefox上收到不受信任的证书警告,并且服务器会在每个后续请求中重置连接。日志中没有其他有用的信息。我已将io.netty设置为DEBUG级别。
这是服务器初始化的代码示例:
引导程序:
String cfgKsLocation = ; // .....
String cfgKsPassword = ; // .....
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream(new File(cfgKsLocation)), cfgKsPassword.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, cfgKsPassword.toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), null, null);
this.sslEngine = sslContext.createSSLEngine();
this.sslEngine.setUseClientMode(false);
EventLoopGroup nettyBossGroup = new NioEventLoopGroup(1);
EventLoopGroup nettyWorkerGroup = new NioEventLoopGroup(2);
try {
ServerBootstrap bootstrap = new ServerBootstrap();
bootstrap.group(nettyBossGroup, nettyWorkerGroup);
bootstrap.channel(NioServerSocketChannel.class);
bootstrap.childHandler(new ApiChannelInitializer());
bootstrap.option(ChannelOption.SO_BACKLOG, cfgServerBacklog);
bootstrap.option(ChannelOption.SO_KEEPALIVE, true);
Channel channel = bootstrap.bind(cfgServerIpAddress, cfgServerPort).sync().channel();
channel.closeFuture().sync();
} finally {
nettyBossGroup.shutdownGracefully();
nettyWorkerGroup.shutdownGracefully();
}
ApiChannelInitializer:
private class ApiChannelInitializer extends ChannelInitializer<SocketChannel> {
@Override
protected void initChannel(SocketChannel c) throws Exception {
c.pipeline().addLast(new SslHandler(ApiServer.this.sslEngine));
c.pipeline().addLast(new HttpRequestDecoder());
c.pipeline().addLast(new HttpResponseEncoder());
c.pipeline().addLast(new HttpContentCompressor());
c.pipeline().addLast(new ApiChannelInboundHandler());
}
}
到目前为止我尝试过的是:
从EventLoopGroup构造中删除参数
使用与Java SecureSocketServer一起正常工作的其他证书
更改为Netty版本4.0.X
在SslHandler之后将DelimiterBasedFrameDecoder添加到pipline
最佳答案
终于,经过几个小时的努力,这解决了我的问题。问题是ssl警报使SSLHandler内的SSLEngine崩溃。如果在管道的开始处仅附加了一个SSLHandler并且SSLEngine崩溃,则SSLHandler将不再能够处理SSL / TLS连接。
因此,我已将此替代添加到我的入站通道处理程序中:
@Override
public void channelRegistered(ChannelHandlerContext ctx) throws Exception {
SSLEngine sslEngine = ApiServer.this.sslContext.createSSLEngine();
sslEngine.setNeedClientAuth(false);
sslEngine.setUseClientMode(false);
SslHandler sslHandler = new SslHandler(sslEngine);
ctx.pipeline().addFirst(sslHandler);
}
关于java - 一个请求后Netty 5.0.0Alpha1 SSLHandler崩溃,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/24931463/