diff --git a/proxy/src/main/java/net/md_5/bungee/http/HttpClient.java b/proxy/src/main/java/net/md_5/bungee/http/HttpClient.java index 93b28b1d..6ad32b5b 100644 --- a/proxy/src/main/java/net/md_5/bungee/http/HttpClient.java +++ b/proxy/src/main/java/net/md_5/bungee/http/HttpClient.java @@ -91,7 +91,7 @@ public class HttpClient } }; - new Bootstrap().channel( PipelineUtils.getChannel() ).group( eventLoop ).handler( new HttpInitializer( callback, ssl ) ). + new Bootstrap().channel( PipelineUtils.getChannel() ).group( eventLoop ).handler( new HttpInitializer( callback, ssl, uri.getHost(), port ) ). option( ChannelOption.CONNECT_TIMEOUT_MILLIS, TIMEOUT ).remoteAddress( inetHost, port ).connect().addListener( future ); } } diff --git a/proxy/src/main/java/net/md_5/bungee/http/HttpInitializer.java b/proxy/src/main/java/net/md_5/bungee/http/HttpInitializer.java index 327bf89d..ea75dfcd 100644 --- a/proxy/src/main/java/net/md_5/bungee/http/HttpInitializer.java +++ b/proxy/src/main/java/net/md_5/bungee/http/HttpInitializer.java @@ -3,12 +3,11 @@ package net.md_5.bungee.http; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.handler.codec.http.HttpClientCodec; +import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; import io.netty.handler.timeout.ReadTimeoutHandler; import java.util.concurrent.TimeUnit; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; -import javax.net.ssl.TrustManager; import lombok.RequiredArgsConstructor; import net.md_5.bungee.api.Callback; @@ -18,6 +17,8 @@ public class HttpInitializer extends ChannelInitializer private final Callback callback; private final boolean ssl; + private final String host; + private final int port; @Override protected void initChannel(Channel ch) throws Exception @@ -25,14 +26,7 @@ public class HttpInitializer extends ChannelInitializer ch.pipeline().addLast( "timeout", new ReadTimeoutHandler( HttpClient.TIMEOUT, TimeUnit.MILLISECONDS ) ); if ( ssl ) { - SSLContext context = SSLContext.getInstance( "TLS" ); - context.init( null, new TrustManager[] - { - TrustingX509Manager.getInstance() - }, null ); - - SSLEngine engine = context.createSSLEngine(); - engine.setUseClientMode( true ); + SSLEngine engine = SslContext.newClientContext().newEngine( ch.alloc(), host, port ); ch.pipeline().addLast( "ssl", new SslHandler( engine ) ); } diff --git a/proxy/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java b/proxy/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java deleted file mode 100644 index d0dfa654..00000000 --- a/proxy/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java +++ /dev/null @@ -1,32 +0,0 @@ -package net.md_5.bungee.http; - -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import javax.net.ssl.X509TrustManager; -import lombok.AccessLevel; -import lombok.Getter; -import lombok.NoArgsConstructor; - -@NoArgsConstructor(access = AccessLevel.PRIVATE) -public class TrustingX509Manager implements X509TrustManager -{ - - @Getter - private static final X509TrustManager instance = new TrustingX509Manager(); - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException - { - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException - { - } - - @Override - public X509Certificate[] getAcceptedIssuers() - { - return new X509Certificate[ 0 ]; - } -}