public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted

An SslContext which works with libraries that support the OpenSsl C library API.

Instances of this class must be released, or else native memory will leak!

Instances of this class must not be released before any ReferenceCountedOpenSslEngine which depends upon the instance of this class is released. Otherwise, if any method of ReferenceCountedOpenSslEngine is called which uses this class's JNI resources, the JVM may crash.

Modifier and Type | Field and Description |
---|---|
protected long | ctx: The OpenSSL SSL_CTX object. |
protected static int | VERIFY_DEPTH |

Modifier and Type | Method and Description |
---|---|
ApplicationProtocolNegotiator | applicationProtocolNegotiator(): Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions. |
protected static X509Certificate[] | certificates(byte[][] chain) |
protected static X509TrustManager | chooseTrustManager(TrustManager[] managers): Deprecated. This method is kept for API backwards compatibility. |
protected static X509KeyManager | chooseX509KeyManager(KeyManager[] kms) |
List<String> | cipherSuites(): Returns the list of enabled cipher suites, in the order of preference. |
long | context(): Deprecated. This method is considered unsafe as the returned pointer may be released later. Don't use it! |
int | getBioNonApplicationBufferSize(): Returns the size of the buffer used by the BIO for non-application based writes. |
boolean | getRejectRemoteInitiatedRenegotiation(): Deprecated. |
boolean | isClient(): Returns true if and only if this context is for client-side. |
SSLEngine | newEngine(ByteBufAllocator alloc): Returns a new server-side SSLEngine with the current configuration. |
SSLEngine | newEngine(ByteBufAllocator alloc, String peerHost, int peerPort): Creates a new SSLEngine using advisory peer information. |
protected SslHandler | newHandler(ByteBufAllocator alloc, boolean startTls): Create a new SslHandler. |
protected SslHandler | newHandler(ByteBufAllocator alloc, boolean startTls, Executor executor): Create a new SslHandler. |
protected SslHandler | newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls): Create a new SslHandler. |
protected SslHandler | newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls, Executor executor) |
int | refCnt(): Returns the reference count of this object. |
boolean | release(): Decreases the reference count by 1 and deallocates this object if the reference count reaches 0. |
boolean | release(int decrement): Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches 0. |
ReferenceCounted | retain(): Increases the reference count by 1. |
ReferenceCounted | retain(int increment): Increases the reference count by the specified increment. |
abstract OpenSslSessionContext | sessionContext(): Returns the SSLSessionContext object held by this context. |
void | setBioNonApplicationBufferSize(int bioNonApplicationBufferSize): Set the size of the buffer used by the BIO for non-application based writes (e.g. handshake, renegotiation, etc...). |
void | setPrivateKeyMethod(OpenSslPrivateKeyMethod method): Deprecated. |
void | setRejectRemoteInitiatedRenegotiation(boolean rejectRemoteInitiatedRenegotiation): Deprecated. |
void | setTicketKeys(byte[] keys): Deprecated. |
void | setUseTasks(boolean useTasks): Deprecated. |
long | sslCtxPointer(): Deprecated. This method is considered unsafe as the returned pointer may be released later. Don't use it! |
OpenSslSessionStats | stats(): Deprecated. Use #sessionContext#stats() |
ReferenceCounted | touch(): Records the current access location of this object for debugging purposes. |
ReferenceCounted | touch(Object hint): Records the current access location of this object with an additional arbitrary information for debugging purposes. |

attributes, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, nextProtocols, sessionCacheSize, sessionTimeout, toPrivateKey, toPrivateKey, toX509Certificates, toX509Certificates

protected static final int VERIFY_DEPTH

protected long ctx
The OpenSSL SSL_CTX object. ctxLock must be held while using ctx!

public final List<String> cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
cipherSuites in class SslContext

public ApplicationProtocolNegotiator applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
applicationProtocolNegotiator in class SslContext

public final boolean isClient()
Returns true if and only if this context is for client-side.
isClient in class SslContext

public final SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort)
Creates a new SSLEngine using advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).
newEngine in class SslContext
peerHost - the non-authoritative name of the host
peerPort - the non-authoritative port

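The release ordering required by the class description and by the newEngine note above, as an added example that is not code from the Netty project. It assumes netty-handler and a netty-tcnative native library are on the classpath; the class name RefCntContextLifecycle and the peer example.test:443 are placeholders.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.ResourceLeakDetector;

import javax.net.ssl.SSLEngine;

// Hypothetical class name; illustrates engine-before-context release ordering.
public final class RefCntContextLifecycle {
    public static void main(String[] args) throws Exception {
        // Report every leaked reference-counted object while testing.
        ResourceLeakDetector.setLevel(ResourceLeakDetector.Level.PARANOID);

        // Fails fast with the underlying cause if the native library is missing.
        OpenSsl.ensureAvailability();

        // OPENSSL_REFCNT yields a ReferenceCountedOpenSslContext: the caller,
        // not a finalizer, is responsible for freeing the native SSL_CTX.
        SslContext ctx = SslContextBuilder.forClient()
                .sslProvider(SslProvider.OPENSSL_REFCNT)
                .build();
        try {
            // Leave a hint for the leak detector's access records.
            ReferenceCountUtil.touch(ctx, "created in RefCntContextLifecycle.main");

            // peerHost and peerPort are advisory; these values are placeholders.
            SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT, "example.test", 443);
            try {
                // Handshake, wrap and unwrap calls would go here.
                System.out.println("engine refCnt: " + ReferenceCountUtil.refCnt(engine));
            } finally {
                // The engine uses the context's JNI resources, so it goes first.
                ReferenceCountUtil.release(engine);
            }
        } finally {
            // Release the context only after every dependent engine is released.
            ReferenceCountUtil.release(ctx);
        }
    }
}
```

When the engine is wrapped in an SslHandler and added to a pipeline instead, only the context release in the outer finally block remains the caller's job.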

protected final SslHandler newHandler(ByteBufAllocator alloc, boolean startTls)
Create a new SslHandler.
newHandler in class SslContext
See also: SslContext.newHandler(ByteBufAllocator)

protected final SslHandler newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls)
Create a new SslHandler.
newHandler in class SslContext
See also: SslContext.newHandler(ByteBufAllocator, String, int, boolean, Executor)

protected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls, Executor executor)
Create a new SslHandler.
newHandler in class SslContext
See also: SslContext.newHandler(ByteBufAllocator, String, int, boolean, Executor)

protected SslHandler newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls, Executor executor)
newHandler in class SslContext

public final SSLEngine newEngine(ByteBufAllocator alloc)
Returns a new server-side SSLEngine with the current configuration.
newEngine in class SslContext

@Deprecated public final long context()
Returns the pointer to the SSL_CTX object for this ReferenceCountedOpenSslContext. Be aware that it is freed as soon as the Object.finalize() method is called. At this point 0 will be returned.

@Deprecated public final OpenSslSessionStats stats()
Deprecated. Use #sessionContext#stats()

@Deprecated public void setRejectRemoteInitiatedRenegotiation(boolean rejectRemoteInitiatedRenegotiation)
SSLHandshakeException will be thrown during decoding.

@Deprecated public boolean getRejectRemoteInitiatedRenegotiation()
true because renegotiation is not supported.

public void setBioNonApplicationBufferSize(int bioNonApplicationBufferSize)
Set the size of the buffer used by the BIO for non-application based writes (e.g. handshake, renegotiation, etc...).

public int getBioNonApplicationBufferSize()
Returns the size of the buffer used by the BIO for non-application based writes.

@Deprecated public final void setTicketKeys(byte[] keys)
Deprecated. See OpenSslSessionContext.setTicketKeys(byte[])

public abstract OpenSslSessionContext sessionContext()
Returns the SSLSessionContext object held by this context.
sessionContext in class SslContext

@Deprecated public final long sslCtxPointer()
Returns the pointer to the SSL_CTX object for this ReferenceCountedOpenSslContext. Be aware that it is freed as soon as the release() method is called. At this point 0 will be returned.

@Deprecated @UnstableApi public final void setPrivateKeyMethod(OpenSslPrivateKeyMethod method)
Deprecated. See SslContextBuilder.option(SslContextOption, Object) with OpenSslContextOption.PRIVATE_KEY_METHOD.
Sets the OpenSslPrivateKeyMethod to use. This allows private-key operations to be offloaded if needed.
This method is currently only supported when BoringSSL is used.
method - method to use.

@Deprecated public final void setUseTasks(boolean useTasks)
Deprecated. See SslContextBuilder.option(SslContextOption, Object) with OpenSslContextOption.USE_TASKS.

protected static X509Certificate[] certificates(byte[][] chain)

@Deprecated protected static X509TrustManager chooseTrustManager(TrustManager[] managers)

protected static X509KeyManager chooseX509KeyManager(KeyManager[] kms)

public final int refCnt()
Returns the reference count of this object. If 0, it means this object has been deallocated.
refCnt in interface ReferenceCounted

public final ReferenceCounted retain()
Increases the reference count by 1.
retain in interface ReferenceCounted

public final ReferenceCounted retain(int increment)
Increases the reference count by the specified increment.
retain in interface ReferenceCounted

public final ReferenceCounted touch()
Records the current access location of this object for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector. This method is a shortcut to touch(null).
touch in interface ReferenceCounted

public final ReferenceCounted touch(Object hint)
Records the current access location of this object with an additional arbitrary information for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector.
touch in interface ReferenceCounted

public final boolean release()
Decreases the reference count by 1 and deallocates this object if the reference count reaches 0.
release in interface ReferenceCounted
Returns true if and only if the reference count became 0 and this object has been deallocated.

public final boolean release(int decrement)
Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches 0.
release in interface ReferenceCounted
Returns true if and only if the reference count became 0 and this object has been deallocated.

Copyright © 2008–2024 The Netty Project. All rights reserved.