Java 17 only allows letter|digit|hyphen characters for SNI names.
While we could bypass this restriction on the client, when the SNI bytes arrive to the server they will be verified and if not allowed the TLS handshake will fail.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 693663a4ce)
Fixes#6043 - Reimplement UnixSocket support based on Java 16.
* Introduced new module "jetty-server-unixdomain".
It uses reflection to access the Java 16 Unix-Domain classes to keep compatibility with the other modules and the build.
* Added Jetty module with only HTTP/1.1 support for now (requires review of the modules to reuse them with various connectors).
* Updated documentation to mention UnixDomainServerConnector.
* Updated client libraries to support Unix-Domain.
* Updated PROXY protocol implementation to support Unix-Domain.
* Replaced unix.socket.tmp with better named jetty.unixdomain.dir property.
Defaulted jetty.unixdomain.dir property to system property user.home under Windows.
Simplified code that runs Unix-Domain tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now using consistently HttpConversation.getTimeout() to report the accurate value.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 734d3b672c)
* Fixes#6410 - Use SocketAddress instead of InetSocketAddress.
Removed usages of InetSocketAddress in method signatures where possible.
Deprecated old methods, and added new methods with SocketAddress.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Reworked the total timeout handling.
* Now a CyclicTimeouts handles the exchanges in each HttpDestination,
and a CyclicTimeouts handles the exchanges in each HttpConnection
(rather than in HttpChannel).
* Now adjusting the total timeout for copied requests generated by
redirects and authentication.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 2e7d17400f)
Updated ConnectionStatistics to report both the stats of all connections,
and the stats grouped by connection class.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit f902d12fe8)
* Fixes#6276 - Support non-standard domains in SNI and X509. (#6296)
Improved support for IP addresses in X509 (after #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 04df6d4ec2)
Avoid to allocate ContentListeners for every response.
Avoid using Java streams to reduce allocation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#6251 - Use CyclicTimeout for HTTP2Streams.
Introduced CyclicTimeouts to manage many entities that may timeout.
Rewritten HttpDestination request timeouts using CyclicTimeouts.
HTTP2Stream does not inherit from IdleTimeout anymore; now a
CyclicTimeouts in HTTP2Session manages the stream timeouts.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed logic in HttpDestination.RequestTimeouts, where now a timeout
is scheduled only when the expiration time is less than the existing one.
Various code cleanups.
Renamed HttpDestination.TimeoutTask to RequestTimeouts for clarity.
Improved javadocs, code comments and logging.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 5f23689aa7)
(cherry picked from commit da50e06b64)
(cherry picked from commit 88ac10439a)
* Fixes#5845 - Use UTF-8 encoding for client basic auth if requested.
* Introduced get/setCharset in BasicAuthenticator on server-side.
* Looking for the "charset" parameter on the client-side, and if there, use it.
* Added test case.
* Code cleanups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet
Greg Wilkins
Ludovic Orban
Joakim Erdfelt
Jan Bartel
Olivier Lamy
Jesse McConnell