Skip to content

Commit a393f49

Browse files
normanmaurernormanmaurer
authored
Ensure native library is loaded before making calls in the static block (netty#760)
Motivation: We need to ensure we try to load the native library before we try to do any native calls. Otherwise it might fail with UnsatisfiedLinkError Modifications: - Ensure native lib is loaded before any native calls are done Result: No more UnsatifiedLinkError possible. Fixes netty#759
1 parent 5be2bf7 commit a393f49

File tree

1 file changed

+48
-44
lines changed

1 file changed

+48
-44
lines changed

codec-classes-quic/src/main/java/io/netty/incubator/codec/quic/QuicheQuicSslContext.java

Lines changed: 48 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -80,58 +80,62 @@ final class QuicheQuicSslContext extends QuicSslContext {
8080
defaultConvertedNamedGroups.add(GroupsConverter.toBoringSSL(namedGroups[i]));
8181
}
8282

83-
final long sslCtx = BoringSSL.SSLContext_new();
84-
try {
85-
// Let's filter out any group that is not supported from the default.
86-
Iterator<String> defaultGroupsIter = defaultConvertedNamedGroups.iterator();
87-
while (defaultGroupsIter.hasNext()) {
88-
if (BoringSSL.SSLContext_set1_groups_list(sslCtx, defaultGroupsIter.next()) == 0) {
89-
// Not supported, let's remove it. This could for example be the case if we use
90-
// fips and the configure group is not supported when using FIPS.
91-
// See https://github.com/netty/netty-tcnative/issues/883
92-
defaultGroupsIter.remove();
83+
// Call Quic.isAvailable() first to ensure native lib is loaded.
84+
// See https://github.com/netty/netty-incubator-codec-quic/issues/759
85+
if (Quic.isAvailable()) {
86+
final long sslCtx = BoringSSL.SSLContext_new();
87+
try {
88+
// Let's filter out any group that is not supported from the default.
89+
Iterator<String> defaultGroupsIter = defaultConvertedNamedGroups.iterator();
90+
while (defaultGroupsIter.hasNext()) {
91+
if (BoringSSL.SSLContext_set1_groups_list(sslCtx, defaultGroupsIter.next()) == 0) {
92+
// Not supported, let's remove it. This could for example be the case if we use
93+
// fips and the configure group is not supported when using FIPS.
94+
// See https://github.com/netty/netty-tcnative/issues/883
95+
defaultGroupsIter.remove();
96+
}
9397
}
94-
}
9598

96-
String groups = SystemPropertyUtil.get("jdk.tls.namedGroups", null);
97-
if (groups != null) {
98-
String[] nGroups = groups.split(",");
99-
Set<String> supportedNamedGroups = new LinkedHashSet<>(nGroups.length);
100-
Set<String> supportedConvertedNamedGroups = new LinkedHashSet<>(nGroups.length);
101-
102-
Set<String> unsupportedNamedGroups = new LinkedHashSet<>();
103-
for (String namedGroup : nGroups) {
104-
String converted = GroupsConverter.toBoringSSL(namedGroup);
105-
if (BoringSSL.SSLContext_set1_groups_list(sslCtx, converted) == 0) {
106-
supportedConvertedNamedGroups.add(converted);
107-
supportedNamedGroups.add(namedGroup);
108-
} else {
109-
unsupportedNamedGroups.add(namedGroup);
99+
String groups = SystemPropertyUtil.get("jdk.tls.namedGroups", null);
100+
if (groups != null) {
101+
String[] nGroups = groups.split(",");
102+
Set<String> supportedNamedGroups = new LinkedHashSet<>(nGroups.length);
103+
Set<String> supportedConvertedNamedGroups = new LinkedHashSet<>(nGroups.length);
104+
105+
Set<String> unsupportedNamedGroups = new LinkedHashSet<>();
106+
for (String namedGroup : nGroups) {
107+
String converted = GroupsConverter.toBoringSSL(namedGroup);
108+
if (BoringSSL.SSLContext_set1_groups_list(sslCtx, converted) == 0) {
109+
supportedConvertedNamedGroups.add(converted);
110+
supportedNamedGroups.add(namedGroup);
111+
} else {
112+
unsupportedNamedGroups.add(namedGroup);
113+
}
110114
}
111-
}
112115

113-
if (supportedNamedGroups.isEmpty()) {
114-
namedGroups = defaultConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
115-
LOGGER.info("All configured namedGroups are not supported: {}. Use default: {}.",
116-
Arrays.toString(unsupportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS)),
117-
Arrays.toString(DEFAULT_NAMED_GROUPS));
118-
} else {
119-
String[] groupArray = supportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
120-
if (unsupportedNamedGroups.isEmpty()) {
121-
LOGGER.info("Using configured namedGroups -D 'jdk.tls.namedGroup': {} ",
122-
Arrays.toString(groupArray));
116+
if (supportedNamedGroups.isEmpty()) {
117+
namedGroups = defaultConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
118+
LOGGER.info("All configured namedGroups are not supported: {}. Use default: {}.",
119+
Arrays.toString(unsupportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS)),
120+
Arrays.toString(DEFAULT_NAMED_GROUPS));
123121
} else {
124-
LOGGER.info("Using supported configured namedGroups: {}. Unsupported namedGroups: {}. ",
125-
Arrays.toString(groupArray),
126-
Arrays.toString(unsupportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS)));
122+
String[] groupArray = supportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
123+
if (unsupportedNamedGroups.isEmpty()) {
124+
LOGGER.info("Using configured namedGroups -D 'jdk.tls.namedGroup': {} ",
125+
Arrays.toString(groupArray));
126+
} else {
127+
LOGGER.info("Using supported configured namedGroups: {}. Unsupported namedGroups: {}. ",
128+
Arrays.toString(groupArray),
129+
Arrays.toString(unsupportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS)));
130+
}
131+
namedGroups = supportedConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
127132
}
128-
namedGroups = supportedConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
133+
} else {
134+
namedGroups = defaultConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
129135
}
130-
} else {
131-
namedGroups = defaultConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
136+
} finally {
137+
BoringSSL.SSLContext_free(sslCtx);
132138
}
133-
} finally {
134-
BoringSSL.SSLContext_free(sslCtx);
135139
}
136140
NAMED_GROUPS = namedGroups;
137141
}

0 commit comments

Comments
 (0)