You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by pe...@apache.org on 2021/11/26 13:10:24 UTC

[pulsar] 13/14: Use JDK default security provider when Conscrypt isn't available (#12938)

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit affd256a645e97ce4e05038b057e85cd772032ec
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Thu Nov 25 15:29:24 2021 +0200

    Use JDK default security provider when Conscrypt isn't available (#12938)
    
    - fixes issue with ARM64 platform where Conscrypt isn't available
    
    (cherry picked from commit 4f2d52edfbb53f043ed5640ccde694b60707eea3)
---
 .../java/org/apache/pulsar/common/util/SecurityUtility.java   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
index fb6c835..30f019d 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
@@ -116,6 +116,16 @@ public class SecurityUtility {
     }
 
     private static Provider loadConscryptProvider() {
+        Class<?> conscryptClazz;
+
+        try {
+            conscryptClazz = Class.forName("org.conscrypt.Conscrypt");
+            conscryptClazz.getMethod("checkAvailability").invoke(null);
+        } catch (Throwable e) {
+            log.warn("Conscrypt isn't available. Using JDK default security provider.", e);
+            return null;
+        }
+
         Provider provider;
         try {
             provider = (Provider) Class.forName(CONSCRYPT_PROVIDER_CLASS).newInstance();
@@ -143,7 +153,6 @@ public class SecurityUtility {
         // contains the workaround.
         try {
             HostnameVerifier hostnameVerifier = new TlsHostnameVerifier();
-            Class<?> conscryptClazz = Class.forName("org.conscrypt.Conscrypt");
             Object wrappedHostnameVerifier = conscryptClazz
                     .getMethod("wrapHostnameVerifier",
                             new Class[]{HostnameVerifier.class}).invoke(null, hostnameVerifier);