dev@grizzly.java.net

Re: problems of the SNI from Lee

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Fri, 30 Jan 2015 21:54:08 -0800

Hi Lee,

I've just added the sample:
https://java.net/projects/grizzly/sources/git/revision/ee6cff79e6f2bfcb6e079aebe3eb6b2941635d08

but unfortunately it requires some fixes I made on 2.3.x branch.
With the 2.3.18 you'll need to apply a workaround (see attached).

Hope it will help.

WBR,
Alexey.



On 30.01.15 00:38, Lee You wrote:
>
> // addon a https listener
> SSLEngineConfigurator ssle = new
> SSLEngineConfigurator(serverSslContext.createSSLContext(), false,
> false, false);
> NetworkListener listener = new NetworkListener("ssl",
> NetworkListener.DEFAULT_NETWORK_HOST, new PortRange(777));
>
> listener.setSSLEngineConfig(ssle);
> listener.setSecure(true);
> httpServer.addListener(listener);
>
> // replace the SSLBaseFilter
> FilterChain filterChain = listener.getFilterChain();
> this.sniFilter = new SNIFilter(this.sslEngineConfig, null);
> if(sniServerConfigResolver instanceof SNIServerConfigResolver){
> log.info <http://log.info>("setupSNI and sniServerConfigResolver is:"
> + sniServerConfigResolver);
> this.sniFilter.setServerSSLConfigResolver(sniServerConfigResolver);
> }
> this.outputFilters(filterChain);
> Filter sslFilter = null;
> for (int i = 0; i < filterChain.size(); i++) {
> sslFilter = filterChain.get(i);
>
> if (sslFilter instanceof TransportFilter) {
> log.info <http://log.info>("setup SNI and TransportFilter is removed. ");
> filterChain.remove(i--);
> continue;
> }
>
> if (sslFilter instanceof SSLBaseFilter) {
> log.info <http://log.info>("setup SNI and SSLBaseFilter is changed to
> be " + this.sniFilter);
> filterChain.set(i, this.sniFilter);
> }
> }
>
> this.outputFilters(filterChain);
>
> //LOGS
> INFO co.iueo.server.IueoSNIService - setupSNI and
> sniServerConfigResolver is:co.iueo.server.IueoSNIService$1_at_43bd05c9
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 0
> org.glassfish.grizzly.ssl.SSLBaseFilter$SSLTransportFilterWrapper_at_1772594d
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 1 org.glassfish.grizzly.ssl.SSLBaseFilter_at_5d44bbf0
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 2 org.glassfish.grizzly.http.HttpServerFilter_at_14d11fff
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 3 org.glassfish.grizzly.utils.IdleTimeoutFilter_at_3f69d3e1
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 4
> org.glassfish.grizzly.http.server.FileCacheFilter_at_3ad44d70
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 5 org.glassfish.grizzly.websockets.WebSocketFilter_at_4237fae1
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 6
> org.glassfish.grizzly.http.server.HttpServerFilter_at_5e052bbf
> INFO co.iueo.server.IueoSNIService - setup SNI and TransportFilter
> is removed.
> INFO co.iueo.server.IueoSNIService - setup SNI and SSLBaseFilter is
> changed to be org.glassfish.grizzly.sni.SNIFilter_at_2f021d45
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 0 org.glassfish.grizzly.sni.SNIFilter_at_2f021d45
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 1 org.glassfish.grizzly.http.HttpServerFilter_at_14d11fff
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 2 org.glassfish.grizzly.utils.IdleTimeoutFilter_at_3f69d3e1
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 3
> org.glassfish.grizzly.http.server.FileCacheFilter_at_3ad44d70
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 4 org.glassfish.grizzly.websockets.WebSocketFilter_at_4237fae1
> INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
> FilterChain is 5
> org.glassfish.grizzly.http.server.HttpServerFilter_at_5e052bbf
>
>
> ….
> java.lang.NullPointerException
> at org.glassfish.grizzly.sni.SNIFilter.handleRead(SNIFilter.java:241)
> at
> org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
> at
> org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
> at
> org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
> at
> org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
> at
> org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
> at
> org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
> at
> org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
>
> ////
> This NullPointerException, might because I removed the TransportFilter
> of the SSLBaseFilter when replacing it.
> Should I create a new TCPNIOTransport & new FilterChain instead of the
> NetworkListener?
> If Yes, how could I get all the other Filters like HttpServerFilter,
> IdleTimeoutFilter…..
>
> thanks again, having a great day!
> Lee
>
>
> <quote author='oleksiys'>
> Hi Lee,
>
> am I understanding correctly, you're trying to use SNI support with
> Grizzly HttpServer?
> I am Lee. These days, I am just trying to study the SNI of Grizzly, even
> after read your source code of the SNITest.java, I still do not know how
> to let it works. Because, i do not understand:
> >
> > 1.How to bind to my Grizzly HTTP server supporting the HTTPS(SSL/TLS)
> > to proved web services? Just using the TCPNIOTransport to bind a
> > different port or need to bind to as same port as the Http server?
> >
> I can provide a sample by the end of the week.
> The idea is to use HttpServer AddOn mechanism and update the HttpServer
> FilterChain to use SNIFilter instead of SSLBaseFilter.
>
>
> > 2.Could you explain the meaning of the code with blue color as //below
> >
> It just associates the hostname property with the connection.
>
> > Do I need this line in my own code?
> >
> no. You may want to read this value, but definitely not set it.
>
> > Can I switch to different SSL server configure for their host for
> > supporting SNI in there?
> >
> Sure.
>
> > If it return null, what will be happened for that host?
> >
> The SNIFilter's default server SSLEngineConfigurator will be used.
>
> Thanks
>
> WBR,
> Alexey.
>
>
> > //////////////////////////
> >
> > ilter.setServerSSLConfigResolver(new SNIServerConfigResolver() {
> >
> > @Override
> >
> > public SNIConfig resolve(Connection connection, String
> > hostname) {
> >
> > */sniHostAttr.set(connection, hostname);/*
> >
> > return SNIConfig.newServerConfig(sslServerEngineConfig);
> >
> > }
> >
> > });
> >
> > Thanks! and looking forward for your reply!
> >
> > Best Regards,
> >
> > Lee
> >
>
>
> </quote>
> Quoted from:
> http://grizzly.1045725.n5.nabble.com/problems-of-the-SNI-from-Lee-tp5710686p5710694.html
>





© Oracle | By contributing to this project, you are agreeing to the terms of use described here.