Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
WIP.
Tentative fix to avoid that onFillable() is called after the exchange
is completed.
Now DecryptedEndPoint.fillInterest.fillable() is called before other
methods that may advance the exchange processing.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now IllegalStateExceptions are thrown with a message.
Methods needsFillInterest() and onIncompleteFlush() are now wrapped in
try/catch to make sure the connection is closed in case of exceptions.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Isolated SSLEngine method calls and wrapped them into try/catch
blocks to ignore the NullPointerException thrown by Conscrypt.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now checking for thread interrupted only when select() reports 0 selected.
This will avoid the check in case of legit I/O wakeups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added check for thread interrupted.
If interrupted and ManagedSelector is not running, bail out.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Major refactor of SslConnection to address #2233 and to simplify in preparation for java-11 support.
Made the `needFillInterest` and `onIncompleteFlush` methods the primary stateful methods with state for fill and flush side that does not reproduce state already held by the SslEngine itself.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
After discussion on openjdk/nio-dev, we now wakeup the selector
after closing a socket, so that the SelectionKey can be removed
from the Selector and the TCP stack notified that the socket
has been really closed, so that it can send RST to clients.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2468 - Remove SoLinger.
For non-blocking sockets, StandardSocketOptions#SO_LINGER javadocs
report that the behavior is undefined. In JDK 11 setting SoLinger
for non-blocking sockets will be ignored.
As such, there is no point in allowing SoLinger to be configured
in Jetty that only uses non-blocking sockets.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
WriteFlusher.write() now requires the callback it is given is not null
the FAILED state of WriteFlusher is now a terminal state
any failure will now result in the callback being failed and a transition to the FAILED state
the WriteFlusher documentation and WriteFlusherTests have also been altered to reflect these changes
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
removed HttpOutput.close(Closeable) method as IO.close(Closeable) should be used instead
added isFailed() method to WriteFlusher and used it to fix WriteFlusherTest.testFailWhileBlocking()
surrounded usage of onError() in HttpOutput.run() with try-finally so that IO.close(this) is executed if onError throws
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
changed write flusher to go from pending state to failed state
reverted previous HttpOutput changes
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Fixes#2366 - Review HTTP/2 interleaving.
Now using a fairer algorithm that performs multiple generation passes
but without generating all frames for the current entries - it stops
after N passes over all the entries when the number of bytes to
write is large enough.
Using HttpConfiguration.outputBufferSize as the writeThreshold on
the server and a default 32 KiB on the client to stop the generation
after a pass over all the entries.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ New SocketChannelEndPointTest replacement class
* Is Parameterized for both Normal/Ssl scenarios
* Builds a new set of connections/selector manager etc
for each test
* TestConnection moved to inner static class to not rely
on test class fields/methods
* Adding SafeInteger to help track down bad test behavior.
Blocking Read behavior doesn't do what we think, see Exception on CI.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Renamed old SocketChannelEndPointTest to
SocketChannelEndPointOpenCloseTest
+ Moved SelectChannelEndPointSslTest.checkSslEngineBehavior() to
new SslEngineBehaviorTest as its unrelated to the rest
of the SelectChannelEndPointTest logic
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Renamed SelectChannelEndPointInterestsTest to
SocketChannelEndPointInterestsTest
+ Merged EndPointTest abstract class into SocketChannelEndPointTest
as it's only used by that testcase
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Hoping that this will reveal the specific circumstances (test order)
that lead to the frequent test failures on CI
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Only close if parser closed and output is shutdown
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* a better possible fix
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* after review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Protecton from recursion in SSL flush try again #2233
This would not be needed if we could make flush iterate when necessary.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Objects which inherit or implement an `equals()` method should not be compared with == or !=
When the comparison of references is intentional `@SuppressWarnings("ReferenceEquality")` can be used
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Merging this PR for #2199 as we currently think it is not worse than previous and the code base is definitely simpler. While JMH has shown significant benefits for this approach, we have yet been able to demonstrate them in full scale integration tests - however that is likely due to GC and thread pool issues dominating.
A `org.eclipse.jetty.http2.PEC_MODE` System property has been added to allow the EWYK scheduling to be disabled for HTTP/2 if need be.
* Implementation of #1803 proposal 2 - EITHER dispatch type for EWYK
* made code more readable
* increase small threadpools in tests for extra reserved thread
* clean up
* minor code simplifications
* Work in progress to simplify reserved thread pool
* use a single ReservedThreadPool built into the QueuedThreadPool
* fixed javadoc
* removed more old reserved thread references
* disable EWYK for h2
* fixes from review
* use EWYK for HTTP2
* Fixed javadocs, imports and QueuedThreadPool constructors.
* fix javadoc
* EWYK avoid unnecessary pendings
* after review
* fixed merge with jetty-threadpool.xml
* alternate EWYK implementations
* added jetty copyright headers
* Simplified EWYK code after review
* fixed bad merge
* Code cleanups.
* Improved Javadocs for deprecated property "reservedThreads".
* Improved Javadocs for deprecated property "reservedThreads".
* added a system property to enable only PEC for HTTP/2
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #1803 - Review usage of scheduling strategies
Use a single ReservedThreadExecutor built into the QueuedThreadPool
via new interface TryExecutor.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
There are still problems with this impl (some client tests ignored) and there is still a work around for the JNR bug 50, however this impl is already much better than the unix socket support that is already in the release. So will merge for now and put more effort in once there is a JNR fix.
* WIP add unix domain sockets support in HttpClient
* move unix socket client part to unix socket module #2014
* some cleanup #2014
* add missing headers #2014
* add TODO
* UnixSocket client refactor
* cleanup test and pom
* minor changes, use LOG.isDebugEnabled() before using debug method
* add UNIX SOCKET http client test with all other tests, push this to see what happen on Jenkins
* fix some unit tests
* fix more tests
* fix load test
* UnixSocket client
* Demonstrate JNR bug
* Worked around JNR bug 50
* close channel on client side as well
* more details in log
* log file path as well
* #2014 disable test per default as doesn't work on some environement
* Revert "#2014 disable test per default as doesn't work on some environement"
* test only on unix
* Allow test of specific transport(s)
* Move unix socket to /tmp
* move test socket to /tmp
* move test socket to /tmp
* ignore failing tests for now
* fix bean name and possible to use sys prop org.eclipse.jetty.http.client.AbstractTest.Transports with mvn cli
* test isBlank as surefire props is not null
* correctly create tmp file with @Before
* do not delete file
* use /tmp as build directory doesn't seem to work within docker...
* do not delete sock file on client as it is own by the server
* file must not exist when binding unix socket
* #2014 fix license header
* network specific tests assumed
* Fixed to handle null selector keys
* add assume for tests that assume a network connector
Signed-off-by: olivier lamy <olamy@webtide.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Jesse McConnell
Simone Bordet
Greg Wilkins
Kazuhiro Sera
Joakim Erdfelt
Lachlan Roberts
olivier lamy