Blocking call in ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback #10384
Description
Expected behavior
No blocking calls reported by BlockHound
Actual behavior
The exception below appears when BlockHound is installed
Caused by: reactor.blockhound.BlockingOperationError: Blocking call! java.io.FileInputStream#readBytes
at java.base/java.io.FileInputStream.readBytes(FileInputStream.java)
at java.base/java.io.FileInputStream.read(FileInputStream.java:257)
at java.base/java.util.Properties$LineReader.readLine(Properties.java:500)
at java.base/java.util.Properties.load0(Properties.java:416)
at java.base/java.util.Properties.load(Properties.java:405)
at java.base/sun.security.util.UntrustedCertificates$1.run(UntrustedCertificates.java:60)
at java.base/sun.security.util.UntrustedCertificates$1.run(UntrustedCertificates.java:54)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.util.UntrustedCertificates.<clinit>(UntrustedCertificates.java:54)
at java.base/sun.security.provider.certpath.UntrustedChecker.check(UntrustedChecker.java:78)
at java.base/java.security.cert.PKIXCertPathChecker.check(PKIXCertPathChecker.java:176)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:171)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:364)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:275)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:276)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:261)
at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:700)
at io.netty.internal.tcnative.SSL.readFromSSL(Native Method)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:597)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1199)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1321)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1365)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1380)
The issue is related to reactor/reactor-netty#1148
Minimal yet complete reproducer code (or URL to code)
Run the test from the Netty fork below with profiles java11 and boringssl
mvn -Dtest=io.netty.util.internal.NettyBlockHoundIntegrationTest#testTrustManagerVerify test -Pjava11 -Pboringssl
Netty version
Current snapshot
JVM version (e.g. java -version)
java 11
OS version (e.g. uname -a)
Mac OS