[GitHub] [dubbo] guohao commented on a change in pull request #8116: [3.0]Support SSL

[GitBox <gi...@apache.org>]

guohao commented on a change in pull request #8116:
URL: https://github.com/apache/dubbo/pull/8116#discussion_r665476741



##########
File path: dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/api/Connection.java
##########
@@ -103,14 +106,19 @@ private Bootstrap create() {
             @Override
             protected void initChannel(SocketChannel ch) {
                 ch.attr(CONNECTION).set(Connection.this);
-                // TODO support SSL
+
+                SslContext sslContext = SslContexts.buildClientSslContext(url);

Review comment:
        SSL context shoule only be created when URL enables it

##########
File path: dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/api/PortUnificationServerHandler.java
##########
@@ -76,41 +70,28 @@ protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) t
             return;
         }
 
-        if (isSsl(in)) {
-            enableSsl(ctx);
-        } else {
-            for (final WireProtocol protocol : protocols) {
-                in.markReaderIndex();
-                final ProtocolDetector.Result result = protocol.detector().detect(ctx, in);
-                in.resetReaderIndex();
-                switch (result) {
-                    case UNRECOGNIZED:
-                        continue;
-                    case RECOGNIZED:
-                        protocol.configServerPipeline(ctx.pipeline(), null);
-                        ctx.pipeline().remove(this);
-                    case NEED_MORE_DATA:
-                        return;
-                }
+        for (final WireProtocol protocol : protocols) {

Review comment:
       Will it be better to support both SSL and nonSSL ?
   
   https://github.com/netty/netty/blob/4.1/example/src/main/java/io/netty/example/portunification/PortUnificationServerHandler.java
   
   

##########
File path: dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/api/Connection.java
##########
@@ -103,14 +106,19 @@ private Bootstrap create() {
             @Override
             protected void initChannel(SocketChannel ch) {
                 ch.attr(CONNECTION).set(Connection.this);
-                // TODO support SSL
+
+                SslContext sslContext = SslContexts.buildClientSslContext(url);
+
+                if (getUrl().getParameter(SSL_ENABLED_KEY, false)) {
+                    ch.pipeline().addLast("negotiation", SslHandlerInitializer.sslClientHandler(sslContext, connectionHandler));

Review comment:
       It is enough to delegate SSL handling to PU handler rather than add it to pipepline firstly




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org