You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2022/04/08 22:26:19 UTC
MINA 2.2.0-M1
Hi !
I will start to cut a first milestone for the MINA 2.2.X branch. It has
been tested on Apache Ftpserver, Ldap API and Directory Server with success.
There will probably be more milestone, but that would be a first step.
The main changes are:
- a complete redesign of the TLS handling
- the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which
is either replaced by a dedicated filter, or the encapsulation of the
message in a DisableEncryptWriteRequest interface
I'll do that this week-end.
Thanks !
--
*Emmanuel Lécharny*
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
Re: MINA 2.2.0-M1
Posted by Emmanuel Lécharny <el...@gmail.com>.
Hi Christophe,
sorry, my late mail was off base.
The pb here is that the SSLEngine excpeiton is not propagated to the
handler, when it should.
My guess is that we have some missing call somewhere in the stack. I'm
going to check that out.
On 11/04/2022 00:15, Christoph John wrote:
> Hi,
>
> thanks Jonathan and Emmanuel for working on this!
> I tried to integrate this into QuickFIX/J and it compiles successfully.
> However there are some tests failing that expect an Exception. For
> example we have
> https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54
>
>
> Up to now it was tried to get the Exception via a filter in the chain.
> This no longer seems to work but I think I can see the error getting
> thrown in the log:
>
> SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() -
> storing error {}
> javax.net.ssl.SSLHandshakeException: No available authentication scheme
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358)
>
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
>
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305)
>
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)
>
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)
>
> at
> java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
> at
> java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246)
>
> at
> java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182)
>
> at
> java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
>
> at
> java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
>
> at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
>
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
>
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
>
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
>
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
>
> at
> org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743)
> at
> org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255)
> at
> org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162)
> at
> org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>
> at java.base/java.lang.Thread.run(Thread.java:833)
>
> What is the new way to get this Exception?
>
> NB: I recall discussing this with Jonathan some months ago but seem to
> have lost track of the mail thread.
>
> Thanks in advance,
> Chris.
>
> On 09.04.22 00:26, Emmanuel Lécharny wrote:
>> Hi !
>>
>> I will start to cut a first milestone for the MINA 2.2.X branch. It
>> has been tested on Apache Ftpserver, Ldap API and Directory Server
>> with success.
>>
>> There will probably be more milestone, but that would be a first step.
>>
>> The main changes are:
>> - a complete redesign of the TLS handling
>> - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute,
>> which is either replaced by a dedicated filter, or the encapsulation
>> of the message in a DisableEncryptWriteRequest interface
>>
>>
>> I'll do that this week-end.
>>
>> Thanks !
>
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecharny@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
Re: MINA 2.2.0-M1
Posted by Emmanuel Lécharny <el...@gmail.com>.
Hi Christoph,
I faced the issue too. The way it now works is that MINA will send a TLS
Alert message which should contain the root cause.
It's a little bit late here for me to dig in the Apache FTPServer code
where we were facing the issue, I'll do that tomorrow.
On 11/04/2022 00:15, Christoph John wrote:
> Hi,
>
> thanks Jonathan and Emmanuel for working on this!
> I tried to integrate this into QuickFIX/J and it compiles successfully.
> However there are some tests failing that expect an Exception. For
> example we have
> https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54
>
>
> Up to now it was tried to get the Exception via a filter in the chain.
> This no longer seems to work but I think I can see the error getting
> thrown in the log:
>
> SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() -
> storing error {}
> javax.net.ssl.SSLHandshakeException: No available authentication scheme
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358)
>
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
>
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305)
>
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)
>
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)
>
> at
> java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
> at
> java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246)
>
> at
> java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182)
>
> at
> java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
>
> at
> java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
>
> at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
>
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
>
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
>
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
>
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
>
> at
> org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743)
> at
> org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255)
> at
> org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162)
> at
> org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>
> at java.base/java.lang.Thread.run(Thread.java:833)
>
> What is the new way to get this Exception?
>
> NB: I recall discussing this with Jonathan some months ago but seem to
> have lost track of the mail thread.
>
> Thanks in advance,
> Chris.
>
> On 09.04.22 00:26, Emmanuel Lécharny wrote:
>> Hi !
>>
>> I will start to cut a first milestone for the MINA 2.2.X branch. It
>> has been tested on Apache Ftpserver, Ldap API and Directory Server
>> with success.
>>
>> There will probably be more milestone, but that would be a first step.
>>
>> The main changes are:
>> - a complete redesign of the TLS handling
>> - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute,
>> which is either replaced by a dedicated filter, or the encapsulation
>> of the message in a DisableEncryptWriteRequest interface
>>
>>
>> I'll do that this week-end.
>>
>> Thanks !
>
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecharny@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
Re: MINA 2.2.0-M1
Posted by Christoph John <ch...@macd.com.INVALID>.
Hi,
thanks Jonathan and Emmanuel for working on this!
I tried to integrate this into QuickFIX/J and it compiles successfully. However there are some tests
failing that expect an Exception. For example we have
https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54
Up to now it was tried to get the Exception via a filter in the chain. This no longer seems to work
but I think I can see the error getting thrown in the log:
SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() - storing error {}
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
at
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
at org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743)
at org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255)
at org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162)
at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
What is the new way to get this Exception?
NB: I recall discussing this with Jonathan some months ago but seem to have lost track of the mail
thread.
Thanks in advance,
Chris.
On 09.04.22 00:26, Emmanuel Lécharny wrote:
> Hi !
>
> I will start to cut a first milestone for the MINA 2.2.X branch. It has been tested on Apache
> Ftpserver, Ldap API and Directory Server with success.
>
> There will probably be more milestone, but that would be a first step.
>
> The main changes are:
> - a complete redesign of the TLS handling
> - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is either replaced by a
> dedicated filter, or the encapsulation of the message in a DisableEncryptWriteRequest interface
>
>
> I'll do that this week-end.
>
> Thanks !
--
Christoph John
Software Engineering
T +49 241 557080-28
christoph.john@macd.com
MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com
Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald
Re: MINA 2.2.0-M1
Posted by Christoph John <ch...@macd.com.INVALID>.
Works like a charm, thank you.
Cheers,
Chris.
On 11.04.22 13:48, Jonathan Valliere wrote:
> Its now exposed through this Attribute
> https://github.com/apache/mina/blob/9c237cabb4ecc5ef8c379cc2d7a75c9d09c164cb/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L57
>
> This change ensures that the developer can only access that object after the handshake is complete.
>
> CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely
> for the addressee(s) and may contain confidential and/or privileged information and may be legally
> protected from disclosure.
>
>
> On Apr 11, 2022 at 7:07:42 AM, Christoph John <ch...@macd.com.invalid> wrote:
>> Hi Emmanuel,
>>
>> another short question that came up when checking my unit tests. Formerly there was a method
>> SslFilter.getSslSession:
>> https://github.com/apache/mina/blob/35aafff17ee3fc655844058b28489c4c14af65fa/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L199
>>
>> What is the replacement for that? I want to check the peer certificates of the SSLSession.
>>
>> Thanks in advance and best regards,
>> Christoph.
>>
>>
>> On 11.04.22 10:53, Emmanuel Lécharny wrote:
>>> Hi!
>>>
>>> I've made a slight mistake yesterday evening (or should I say this early this morning): I name the
>>> release 2.2.0.
>>>
>>> I haven't yet launch the vote, so I may revert and delete the release to name it 2.2.0-M1, and
>>> also check the pb Cristoph is mentionning (the non propagation of an exception to the IoAdapter
>>> when the SSLEngine throw it).
>>>
>>> I'll keep you inform...
>>
--
Christoph John
Software Engineering
T +49 241 557080-28
christoph.john@macd.com
MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com
Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald
Re: MINA 2.2.0-M1
Posted by Jonathan Valliere <jo...@emoten.com>.
Its now exposed through this Attribute
https://github.com/apache/mina/blob/9c237cabb4ecc5ef8c379cc2d7a75c9d09c164cb/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L57
This change ensures that the developer can only access that object after
the handshake is complete.
CONFIDENTIALITY NOTICE: The contents of this email message and any
attachments are intended solely for the addressee(s) and may contain
confidential and/or privileged information and may be legally protected
from disclosure.
On Apr 11, 2022 at 7:07:42 AM, Christoph John
<ch...@macd.com.invalid> wrote:
> Hi Emmanuel,
>
> another short question that came up when checking my unit tests. Formerly
> there was a method
> SslFilter.getSslSession:
>
> https://github.com/apache/mina/blob/35aafff17ee3fc655844058b28489c4c14af65fa/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L199
>
> What is the replacement for that? I want to check the peer certificates of
> the SSLSession.
>
> Thanks in advance and best regards,
> Christoph.
>
>
> On 11.04.22 10:53, Emmanuel Lécharny wrote:
>
> Hi!
>
>
> I've made a slight mistake yesterday evening (or should I say this early
> this morning): I name the
>
> release 2.2.0.
>
>
> I haven't yet launch the vote, so I may revert and delete the release to
> name it 2.2.0-M1, and
>
> also check the pb Cristoph is mentionning (the non propagation of an
> exception to the IoAdapter
>
> when the SSLEngine throw it).
>
>
> I'll keep you inform...
>
>
>
> On 09/04/2022 00:26, Emmanuel Lécharny wrote:
>
> > Hi !
>
> >
>
> > I will start to cut a first milestone for the MINA 2.2.X branch. It has
> been tested on Apache
>
> > Ftpserver, Ldap API and Directory Server with success.
>
> >
>
> > There will probably be more milestone, but that would be a first step.
>
> >
>
> > The main changes are:
>
> > - a complete redesign of the TLS handling
>
> > - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which
> is either replaced by a
>
> > dedicated filter, or the encapsulation of the message in a
> DisableEncryptWriteRequest interface
>
> >
>
> >
>
> > I'll do that this week-end.
>
> >
>
> > Thanks !
>
>
>
> --
> Christoph John
> Software Engineering
> T +49 241 557080-28
> christoph.john@macd.com
>
> MACD GmbH
> Oppenhoffallee 103
> 52066 Aachen, Germany
> www.macd.com
>
> Amtsgericht Aachen: HRB 8151
> Ust.-Id: DE 813021663
> Geschäftsführer: George Macdonald
>
Re: MINA 2.2.0-M1
Posted by Christoph John <ch...@macd.com.INVALID>.
Hi Emmanuel,
another short question that came up when checking my unit tests. Formerly there was a method
SslFilter.getSslSession:
https://github.com/apache/mina/blob/35aafff17ee3fc655844058b28489c4c14af65fa/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L199
What is the replacement for that? I want to check the peer certificates of the SSLSession.
Thanks in advance and best regards,
Christoph.
On 11.04.22 10:53, Emmanuel Lécharny wrote:
> Hi!
>
> I've made a slight mistake yesterday evening (or should I say this early this morning): I name the
> release 2.2.0.
>
> I haven't yet launch the vote, so I may revert and delete the release to name it 2.2.0-M1, and
> also check the pb Cristoph is mentionning (the non propagation of an exception to the IoAdapter
> when the SSLEngine throw it).
>
> I'll keep you inform...
>
>
> On 09/04/2022 00:26, Emmanuel Lécharny wrote:
>> Hi !
>>
>> I will start to cut a first milestone for the MINA 2.2.X branch. It has been tested on Apache
>> Ftpserver, Ldap API and Directory Server with success.
>>
>> There will probably be more milestone, but that would be a first step.
>>
>> The main changes are:
>> - a complete redesign of the TLS handling
>> - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is either replaced by a
>> dedicated filter, or the encapsulation of the message in a DisableEncryptWriteRequest interface
>>
>>
>> I'll do that this week-end.
>>
>> Thanks !
>
--
Christoph John
Software Engineering
T +49 241 557080-28
christoph.john@macd.com
MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com
Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald
Re: MINA 2.2.0-M1
Posted by Emmanuel Lécharny <el...@gmail.com>.
Hi!
I've made a slight mistake yesterday evening (or should I say this early
this morning): I name the release 2.2.0.
I haven't yet launch the vote, so I may revert and delete the release to
name it 2.2.0-M1, and also check the pb Cristoph is mentionning (the non
propagation of an exception to the IoAdapter when the SSLEngine throw it).
I'll keep you inform...
On 09/04/2022 00:26, Emmanuel Lécharny wrote:
> Hi !
>
> I will start to cut a first milestone for the MINA 2.2.X branch. It has
> been tested on Apache Ftpserver, Ldap API and Directory Server with
> success.
>
> There will probably be more milestone, but that would be a first step.
>
> The main changes are:
> - a complete redesign of the TLS handling
> - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which
> is either replaced by a dedicated filter, or the encapsulation of the
> message in a DisableEncryptWriteRequest interface
>
>
> I'll do that this week-end.
>
> Thanks !
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecharny@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org