我正在努力解决Netty 5.0.0Alpha1的问题。目前,我正在努力升级我们的一种API以使用SSL。当我按示例所示设置所有内容时,服务器将处理一个请求并崩溃。基本上,我能够在firefox上收到不受信任的证书警告,并且服务器会在每个后续请求中重置连接。日志中没有其他有用的信息。我已将io.netty设置为DEBUG级别。

这是服务器初始化的代码示例:

引导程序:

String cfgKsLocation = ; // .....
String cfgKsPassword = ; // .....

KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream(new File(cfgKsLocation)), cfgKsPassword.toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, cfgKsPassword.toCharArray());

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), null, null);

this.sslEngine = sslContext.createSSLEngine();
this.sslEngine.setUseClientMode(false);

EventLoopGroup nettyBossGroup = new NioEventLoopGroup(1);
EventLoopGroup nettyWorkerGroup = new NioEventLoopGroup(2);
try {
      ServerBootstrap bootstrap = new ServerBootstrap();
      bootstrap.group(nettyBossGroup, nettyWorkerGroup);
      bootstrap.channel(NioServerSocketChannel.class);
      bootstrap.childHandler(new ApiChannelInitializer());
      bootstrap.option(ChannelOption.SO_BACKLOG, cfgServerBacklog);
      bootstrap.option(ChannelOption.SO_KEEPALIVE, true);
      Channel channel = bootstrap.bind(cfgServerIpAddress, cfgServerPort).sync().channel();
      channel.closeFuture().sync();
} finally {
      nettyBossGroup.shutdownGracefully();
      nettyWorkerGroup.shutdownGracefully();
}


ApiChannelInitializer:

private class ApiChannelInitializer extends ChannelInitializer<SocketChannel> {

    @Override
    protected void initChannel(SocketChannel c) throws Exception {
        c.pipeline().addLast(new SslHandler(ApiServer.this.sslEngine));
        c.pipeline().addLast(new HttpRequestDecoder());
        c.pipeline().addLast(new HttpResponseEncoder());
        c.pipeline().addLast(new HttpContentCompressor());
        c.pipeline().addLast(new ApiChannelInboundHandler());
    }

}


到目前为止我尝试过的是:


从EventLoopGroup构造中删除参数
使用与Java SecureSocketServer一起正常工作的其他证书
更改为Netty版本4.0.X
在SslHandler之后将DelimiterBasedFrameDecoder添加到pipline

最佳答案

终于,经过几个小时的努力,这解决了我的问题。问题是ssl警报使SSLHandler内的SSLEngine崩溃。如果在管道的开始处仅附加了一个SSLHandler并且SSLEngine崩溃,则SSLHandler将不再能够处理SSL / TLS连接。

因此,我已将此替代添加到我的入站通道处理程序中:

    @Override
    public void channelRegistered(ChannelHandlerContext ctx) throws Exception {
        SSLEngine sslEngine = ApiServer.this.sslContext.createSSLEngine();
        sslEngine.setNeedClientAuth(false);
        sslEngine.setUseClientMode(false);
        SslHandler sslHandler = new SslHandler(sslEngine);
        ctx.pipeline().addFirst(sslHandler);
    }

关于java - 一个请求后Netty 5.0.0Alpha1 SSLHandler崩溃,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/24931463/

10-13 05:00