From c697c94375908540efe92fe26cd6e0e019495138 Mon Sep 17 00:00:00 2001
From: Jeffrey Bahr <111525238+j-bahr@users.noreply.github.com>
Date: Wed, 14 Sep 2022 23:24:56 -0700
Subject: [PATCH 1/2] Get SslHandler by name for ALPN in HttpClientChannelInitializer

Switch to accessing the SslHandler by name in client ALPN. This should always return the SslHandler for remote endpoint. If we don't do this, the pipeline will always return the first SslHandler in the pipeline. When talking through a TLS enabled forward proxy there may be more than one SslHandler present in the pipeline. This change ensures that we always get the SslHandler for the remote HTTP endpoint and not an intermediary, ensuring we set the correct negotiated protocol.
Fixes reactor/reactor-netty#2480
---
 .../netty/http/client/HttpClientConfig.java | 41 ++++++++++---------
 1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java b/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
index 8788551a1a..7dce752f36 100644
--- a/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
+++ b/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
@@ -867,27 +867,30 @@ static final class H2OrHttp11Codec extends ChannelInboundHandlerAdapter {
 @Override
 public void channelActive(ChannelHandlerContext ctx) {
- SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
- if (sslHandler == null) {
- throw new IllegalStateException("Cannot determine negotiated application-level protocol.");
- }
- String protocol = sslHandler.applicationProtocol() != null ? sslHandler.applicationProtocol() : ApplicationProtocolNames.HTTP_1_1;
- if (log.isDebugEnabled()) {
- log.debug(format(ctx.channel(), "Negotiated application-level protocol [" + protocol + "]"));
- }
- if (ApplicationProtocolNames.HTTP_2.equals(protocol)) {
- configureHttp2Pipeline(ctx.channel().pipeline(), acceptGzip, decoder, http2Settings, observer);
- }
- else if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) {
- configureHttp11Pipeline(ctx.channel().pipeline(), acceptGzip, decoder, metricsRecorder, uriTagValue);
- }
- else {
- throw new IllegalStateException("unknown protocol: " + protocol);
- }
+ ChannelHandler handler = ctx.pipeline().get(NettyPipeline.SslHandler);
+ if (handler instanceof SslHandler) {
+ SslHandler sslHandler = (SslHandler) handler;
- ctx.fireChannelActive();
+ String protocol = sslHandler.applicationProtocol() != null ? sslHandler.applicationProtocol() : ApplicationProtocolNames.HTTP_1_1;
+ if (log.isDebugEnabled()) {
+ log.debug(format(ctx.channel(), "Negotiated application-level protocol [" + protocol + "]"));
+ }
+ if (ApplicationProtocolNames.HTTP_2.equals(protocol)) {
+ configureHttp2Pipeline(ctx.channel().pipeline(), acceptGzip, decoder, http2Settings, observer);
+ }
+ else if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) {
+ configureHttp11Pipeline(ctx.channel().pipeline(), acceptGzip, decoder, metricsRecorder, uriTagValue);
+ }
+ else {
+ throw new IllegalStateException("unknown protocol: " + protocol);
+ }
- ctx.channel().pipeline().remove(this);
+ ctx.fireChannelActive();
+
+ ctx.channel().pipeline().remove(this);
+ } else {
+ throw new IllegalStateException("Cannot determine negotiated application-level protocol.");
+ }
 }
 }
From 458a7f48391593d68322aea2427634adf032fd4f Mon Sep 17 00:00:00 2001
From: Violeta Georgieva
Date: Thu, 15 Sep 2022 12:37:44 +0300
Subject: [PATCH 2/2] Update reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
---
 .../main/java/reactor/netty/http/client/HttpClientConfig.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java b/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
index 7dce752f36..105b92a5e8 100644
--- a/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
+++ b/reactor-netty-http/src/main/java/reactor/netty/http/client/HttpClientConfig.java
@@ -888,7 +888,8 @@ else if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) {
 ctx.fireChannelActive();
 ctx.channel().pipeline().remove(this);
- } else {
+ }
+ else {
 throw new IllegalStateException("Cannot determine negotiated application-level protocol.");
 }
 }
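Review bot: The `else` branch of `channelActive` in the first patch reports two different conditions with one message: nothing is registered under `NettyPipeline.SslHandler`, or the handler under that name is not an `SslHandler`. Because the by-name lookup no longer finds an `SslHandler` that was added under a different name, the message should say what was looked up and what was found, for example `throw new IllegalStateException("Cannot determine negotiated application-level protocol: expected SslHandler named [" + NettyPipeline.SslHandler + "], found " + handler);`. The reason for looking up by name is recorded only in the commit message; a comment above the lookup such as `// By name, not by class: behind a TLS forward proxy the first SslHandler in the pipeline belongs to the proxy, and ALPN must be read from the remote endpoint's handler` would keep a later cleanup from reverting to `get(SslHandler.class)`. Where the two handlers are registered is outside this hunk, so the assumption that the proxy's handler uses a different name should be confirmed there.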