From d7f951a9d8a259682b786b711cd7431834a283cd Mon Sep 17 00:00:00 2001 From: sanjaypujare Date: Fri, 7 Jan 2022 15:34:59 -0800 Subject: [PATCH] all: update netty to 4.1.72.Final and tcnative to 2.0.46.Final (#8780) --- SECURITY.md | 3 ++- build.gradle | 4 ++-- buildscripts/kokoro/macos.cfg | 1 + .../java/io/grpc/netty/NettyTestUtil.java | 4 +++- .../grpc/netty/ProtocolNegotiatorsTest.java | 14 ++++++++++- repositories.bzl | 24 +++++++++---------- 6 files changed, 33 insertions(+), 17 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index df9061eab8..44efbe8d42 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -409,7 +409,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver 1.29.x-1.31.x | 4.1.48.Final | 2.0.30.Final 1.32.x-1.34.x | 4.1.51.Final | 2.0.31.Final 1.35.x-1.41.x | 4.1.52.Final | 2.0.34.Final -1.42.x- | 4.1.63.Final | 2.0.38.Final +1.42.x-1.43.x | 4.1.63.Final | 2.0.38.Final +1.44.x | 4.1.72.Final | 2.0.46.Final _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_ diff --git a/build.gradle b/build.gradle index 84b281bc94..fa281a3a0d 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ subprojects { protocPluginBaseName = 'protoc-gen-grpc-java' javaPluginPath = "$rootDir/compiler/build/exe/java_plugin/$protocPluginBaseName$exeSuffix" - nettyVersion = '4.1.63.Final' + nettyVersion = '4.1.72.Final' guavaVersion = '30.1.1-android' googleauthVersion = '0.22.2' protobufVersion = '3.19.2' @@ -176,7 +176,7 @@ subprojects { // SECURITY.md (multiple occurrences) // examples/example-tls/build.gradle // examples/example-tls/pom.xml - netty_tcnative: 'io.netty:netty-tcnative-boringssl-static:2.0.38.Final', + netty_tcnative: 'io.netty:netty-tcnative-boringssl-static:2.0.46.Final', conscrypt: 'org.conscrypt:conscrypt-openjdk-uber:2.5.1', re2j: 'com.google.re2j:re2j:1.5', diff --git a/buildscripts/kokoro/macos.cfg b/buildscripts/kokoro/macos.cfg index 310e113041..a6bf290d1e 100644 --- a/buildscripts/kokoro/macos.cfg +++ b/buildscripts/kokoro/macos.cfg @@ -15,6 +15,7 @@ env_vars { # We always build mvn artifacts. action { define_artifacts { + regex: "github/grpc-java/**/build/reports/**" regex: "github/grpc-java/mvn-artifacts/**" } } diff --git a/netty/src/test/java/io/grpc/netty/NettyTestUtil.java b/netty/src/test/java/io/grpc/netty/NettyTestUtil.java index d030f53d11..802a6efcd5 100644 --- a/netty/src/test/java/io/grpc/netty/NettyTestUtil.java +++ b/netty/src/test/java/io/grpc/netty/NettyTestUtil.java @@ -67,7 +67,9 @@ public class NettyTestUtil { inUse = true; return new Executor() { @Override - public void execute(Runnable var1) { } + public void execute(Runnable var1) { + var1.run(); + } }; } diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java index d333d1cc8c..ca1ccde101 100644 --- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java +++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java @@ -48,6 +48,7 @@ import io.grpc.SecurityLevel; import io.grpc.ServerCredentials; import io.grpc.ServerStreamTracer; import io.grpc.Status; +import io.grpc.StatusException; import io.grpc.StatusRuntimeException; import io.grpc.TlsChannelCredentials; import io.grpc.TlsServerCredentials; @@ -132,6 +133,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManagerFactory; import org.junit.After; @@ -415,7 +417,17 @@ public class ProtocolNegotiatorsTest { .trustManager(caCert) .build(); Status status = expectFailedHandshake(channelCreds, serverCreds); - assertThat(status.getDescription()).isEqualTo("ssl exception"); + assertEquals(Status.Code.UNAVAILABLE, status.getCode()); + StatusException sre = status.asException(); + // because of netty/netty#11604 we need to check for both TLSv1.2 and v1.3 behaviors + if (sre.getCause() instanceof SSLHandshakeException) { + assertThat(sre).hasCauseThat().isInstanceOf(SSLHandshakeException.class); + assertThat(sre).hasCauseThat().hasMessageThat().contains("SSLV3_ALERT_HANDSHAKE_FAILURE"); + } else { + // Client cert verification is after handshake in TLSv1.3 + assertThat(sre).hasCauseThat().hasCauseThat().isInstanceOf(SSLException.class); + assertThat(sre).hasCauseThat().hasMessageThat().contains("CERTIFICATE_REQUIRED"); + } } @Test diff --git a/repositories.bzl b/repositories.bzl index e5e5ccb0a5..8ad5f109e6 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -25,18 +25,18 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [ "com.google.truth:truth:1.0.1", "com.squareup.okhttp:okhttp:2.7.4", "com.squareup.okio:okio:1.17.5", - "io.netty:netty-buffer:4.1.63.Final", - "io.netty:netty-codec-http2:4.1.63.Final", - "io.netty:netty-codec-http:4.1.63.Final", - "io.netty:netty-codec-socks:4.1.63.Final", - "io.netty:netty-codec:4.1.63.Final", - "io.netty:netty-common:4.1.63.Final", - "io.netty:netty-handler-proxy:4.1.63.Final", - "io.netty:netty-handler:4.1.63.Final", - "io.netty:netty-resolver:4.1.63.Final", - "io.netty:netty-tcnative-boringssl-static:2.0.38.Final", - "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.63.Final", - "io.netty:netty-transport:4.1.63.Final", + "io.netty:netty-buffer:4.1.72.Final", + "io.netty:netty-codec-http2:4.1.72.Final", + "io.netty:netty-codec-http:4.1.72.Final", + "io.netty:netty-codec-socks:4.1.72.Final", + "io.netty:netty-codec:4.1.72.Final", + "io.netty:netty-common:4.1.72.Final", + "io.netty:netty-handler-proxy:4.1.72.Final", + "io.netty:netty-handler:4.1.72.Final", + "io.netty:netty-resolver:4.1.72.Final", + "io.netty:netty-tcnative-boringssl-static:2.0.46.Final", + "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.72.Final", + "io.netty:netty-transport:4.1.72.Final", "io.opencensus:opencensus-api:0.24.0", "io.opencensus:opencensus-contrib-grpc-metrics:0.24.0", "io.perfmark:perfmark-api:0.23.0",