Don't disable HttpObjectDecoder on upgrade from HTTP/1.x to HTTP/1.x over TLS#7298
Don't disable HttpObjectDecoder on upgrade from HTTP/1.x to HTTP/1.x over TLS#7298
Conversation
78dc2b0 to
96e25c5
Compare
|
@pkolaczk can you please add a unit test ? |
|
Yes, sure, I'll do. Is the patch ok besides that? |
|
@pkolaczk yes... please also sign our ICLA: |
96e25c5 to
7959b83
Compare
|
test added |
There was a problem hiding this comment.
you will need to release the FullHttpResponse
There was a problem hiding this comment.
you will need to release the FullHttpResponse
There was a problem hiding this comment.
consider using finishAndReleaseAll()
|
ok, if I use |
7959b83 to
a80187f
Compare
HTTP/1.x over TLS This change allows to upgrade a plain HTTP 1.x connection to TLS according to RFC 2817. Switching the transport layer to TLS should be possible without removing HttpClientCodec from the pipeline, because HTTP/1.x layer of the protocol remains untouched by the switch and the HttpClientCodec state must be retained for proper handling the remainder of the response message, per RFC 2817 requirement in point 3.3: Once the TLS handshake completes successfully, the server MUST continue with the response to the original request. After this commit, the upgrade can be established by simply inserting an SslHandler at the front of the pipeline after receiving 101 SWITCHING PROTOCOLS response, exactly as described in SslHander documentation. Modifications: - Don't set HttpObjectDecoder into UPGRADED state if 101 SWITCHING_PROTOCOLS response contains HTTP/1.0 or HTTP/1.1 in the protocol stack described by the Upgrade header. - Skip pairing comparison for 101 SWITCHING_PROTOCOLS, similar to 100 CONTINUE, since 101 is not the final response to the original request and the final response is expected after TLS handshake. Fixes netty#7293.
a80187f to
16adb6d
Compare
|
Nope
… Am 26.10.2017 um 16:36 schrieb Piotr Kołaczkowski ***@***.***>:
ok, if I use finishAndReleaseAll do I still need these release loops at the end?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
|
||
| assertTrue("Channel inbound write failed.", | ||
| ch.writeInbound(Unpooled.copiedBuffer(SWITCHING_PROTOCOLS_RESPONSE, CharsetUtil.ISO_8859_1))); | ||
| Object switchingProtocolsResponse = ch.readInbound(); |
There was a problem hiding this comment.
just do:
FullHttpResponse switchingProtocolsResponse = ch.readInbound();There was a problem hiding this comment.
Well, but wouldn't it be a bit too implicit and hide the real purpose of the test? This test is basically checking if we do get back a decoded response and not just a plain buffer, like it was before the patch.
There was a problem hiding this comment.
Honestly I am not sure why this would be any different then the assertThat that would fail below. Both will fail because the type is not what you expect. So I prefer what I suggested as then you can just remove the assertThas and also the cast later on when releasing
There was a problem hiding this comment.
Both would fail, but with different message, and in the second case - this would be the assertion failing and not just some code. An assertion failing is a strong indicator to me that the code breaks something this test was really testing for, and not just an accidental breaking of the test caused by e.g. refactoring. I just want to avoid a situation that in the future this call returns an object of a different type, and someone just fixes the test by changing the type in the test instead of thinking why the test was like that.
But anyway, I can change it if you insist. :)
There was a problem hiding this comment.
I am not super strong on it... if you are more happy with your way then its fine.
There was a problem hiding this comment.
Ok thanks, so I leave it as it is.
|
|
||
| assertTrue("Channel inbound write failed", | ||
| ch.writeInbound(Unpooled.copiedBuffer(RESPONSE, CharsetUtil.ISO_8859_1))); | ||
| Object finalResponse = ch.readInbound(); |
There was a problem hiding this comment.
Just do:
FullHttpResponse finalResponse = ch.readInbound();There was a problem hiding this comment.
If my patch did not work, this would throw CCE, which would not be very obvious and could suggest (to someone not knowing the test purpose) the test was broken, and not the code under test.
ejona86
left a comment
There was a problem hiding this comment.
Didn't really dig into the test, but this looks about right to me.
|
@Scottmitch @carl-mastrangelo want to have a look as well ? If I not hear back from you till monday I will merge. |
Motivation:
Being able to upgrade plain HTTP 1.x connection to TLS according to RFC 2817.
Switching the transport layer to TLS should be possible without removing
HttpClientCodecfrom the pipeline, because HTTP/1.x layer of the protocol remains untouched by the switch.Modification:
Don't set HttpObjectDecoder into UPGRADED state if SWITCHING_PROTOCOLS response contains HTTP/1.0 or HTTP/1.1 in the protocol stack described by the Upgrade header.
Describe the modifications you've done.
Added a new method isSwitchingToNonHttp1Protocol and called it from resetNow.
Additionally I had to skip pairing comparison for HTTP 101, because otherwise it resulted with NPE during decoding. I can see no reason why HTTP 100 and 101 would be handled differently in terms of request-response pairing.
Result:
Fixes #7293.