You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2021/11/05 03:11:58 UTC

[GitHub] [servicecomb-java-chassis] pigbayspy opened a new issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

pigbayspy opened a new issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632


   我观察到 registry-service-center 这个包依赖了 netty-tcnative-boringssl-static
   其依赖路径为
    +- org.apache.servicecomb:registry-service-center:jar:2.3.3:compile
    |  +- org.apache.servicecomb:deployment:jar:2.3.3:compile
    |  +- org.apache.servicecomb:foundation-vertx:jar:2.3.3:compile
    |  |  +- io.vertx:vertx-web:jar:4.1.1:compile
    |  |  |  \- io.vertx:vertx-bridge-common:jar:4.1.1:compile
    |  |  \- org.apache.servicecomb:foundation-ssl:jar:2.3.3:compile
    |  |     \- io.netty:netty-tcnative-boringssl-static:jar:2.0.40.Final:compile
   
   我想请教一下，排除掉（exclude）netty-tcnative-boringssl-static 这个依赖会有什么影响呢？


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961601698






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] fanjiwang1992 commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

fanjiwang1992 commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961644898


   你排除的话 项目启动应该会报ALPN not available for JDK SSL/TLS engine错误吧, 
   servicecomb服务间通信底层用了netty的,netty内部实现了标准的 jdk ssl 以及openssl,使用openssl的话,必须需要额外引入netty-tcnative-boringssl-static


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] fanjiwang1992 commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

fanjiwang1992 commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961598958






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] fanjiwang1992 commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

fanjiwang1992 commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961598958


   如果服务间调用启用TLS认证 需要用到这个依赖


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961601698


   > 如果服务间调用启用TLS认证 需要用到这个依赖
   
   您说的是通过
   ```yaml
   servicecomb:
       rest:
         address: ip:port?sslEnabled=true
   ```
   这样的方式来启动微服务间调用的加密吗？
   我在都排除了 netty-tcnative-boringssl-static 这个依赖的情况下，使用微服务A调用另一个启用了TLS认证的微服务B，然后调用成功了


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961658371


   > 你排除的话 项目启动应该会报ALPN not available for JDK SSL/TLS engine错误吧, servicecomb服务间通信底层用了netty的,netty内部实现了标准的 jdk ssl 以及openssl,使用openssl的话,必须需要额外引入netty-tcnative-boringssl-static
   
   没有看到该日志
   
   我们部署服务的机器上已经安装了 openSSL，是不是跟这个有关？


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961601698






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] fanjiwang1992 commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

fanjiwang1992 commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961598958






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961725090


   从这个链接上可以看一下 netty 是这么说的 https://netty.io/wiki/requirements-for-4.x.html#requirements-for-using-openssl
   
   > 
   > Requirements for using OpenSSL
   > OpenSSL version >= 1.0.2 for ALPN support, or version >= 1.0.1 for NPN.
   > netty-tcnative version >= 1.1.33.Fork7 must be on classpath.
   > Supported platforms (for netty-tcnative): linux-x86_64, mac-x86_64, windows-x86_64. Supporting other platforms will > require manually building netty-tcnative.
   > If the above requirements are met, Netty will automatically select OpenSSL as the default TLS provider.
   
   netty 好像会默认使用 openSSL


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961732097


   找到原因了
   
   microservice.yaml 里面我们没有配置 `ssl.engine` 选项，因此用的是默认的 jdk


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy closed issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy closed issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy closed issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy closed issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] pigbayspy commented on issue #2632: 关于 netty-tcnative-boringssl-static 这个依赖的作用

Posted by GitBox <gi...@apache.org>.

pigbayspy commented on issue #2632:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2632#issuecomment-961718124


   > 你排除的话 项目启动应该会报ALPN not available for JDK SSL/TLS engine错误吧, servicecomb服务间通信底层用了netty的,netty内部实现了标准的 jdk ssl 以及openssl,使用openssl的话,必须需要额外引入netty-tcnative-boringssl-static
   
   而且这个包从名称上面来看是 boringssl，是用来替代 openSSL 的。这么想的话如果机器上安装了 openSSL，应该是可以不用这个包也能正常运行的


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org