[libokhttp-java] 07/09: Add no-Conscrypt.patch
Markus Koschany
apo at moszumanska.debian.org
Sat Mar 3 22:09:05 GMT 2018
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch master
in repository libokhttp-java.
commit 960bb56a846f7665aacb696a4536696fe1270f3f
Author: Markus Koschany <apo at debian.org>
Date: Sat Mar 3 18:20:17 2018 +0100
Add no-Conscrypt.patch
---
debian/patches/no-Conscrypt.patch | 142 ++++++++++++++++++++++++++
debian/patches/no-javac-with-errorprone.patch | 2 +-
debian/patches/series | 1 +
3 files changed, 144 insertions(+), 1 deletion(-)
diff --git a/debian/patches/no-Conscrypt.patch b/debian/patches/no-Conscrypt.patch
new file mode 100644
index 0000000..fa40635
--- /dev/null
+++ b/debian/patches/no-Conscrypt.patch
@@ -0,0 +1,142 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sat, 3 Mar 2018 18:20:00 +0100
+Subject: no Conscrypt
+
+Conscrypt is not available in Debian.
+---
+ .../internal/platform/ConscryptPlatform.java | 112 ---------------------
+ .../java/okhttp3/internal/platform/Platform.java | 2 +-
+ 2 files changed, 1 insertion(+), 113 deletions(-)
+ delete mode 100644 okhttp/src/main/java/okhttp3/internal/platform/ConscryptPlatform.java
+
+diff --git a/okhttp/src/main/java/okhttp3/internal/platform/ConscryptPlatform.java b/okhttp/src/main/java/okhttp3/internal/platform/ConscryptPlatform.java
+deleted file mode 100644
+index a1d77a1..0000000
+--- a/okhttp/src/main/java/okhttp3/internal/platform/ConscryptPlatform.java
++++ /dev/null
+@@ -1,112 +0,0 @@
+-/*
+- * Copyright (C) 2014 Square, Inc.
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-package okhttp3.internal.platform;
+-
+-import java.security.NoSuchAlgorithmException;
+-import java.security.Provider;
+-import java.util.List;
+-import javax.annotation.Nullable;
+-import javax.net.ssl.SSLContext;
+-import javax.net.ssl.SSLSocket;
+-import javax.net.ssl.SSLSocketFactory;
+-import javax.net.ssl.X509TrustManager;
+-import okhttp3.Protocol;
+-import org.conscrypt.Conscrypt;
+-import org.conscrypt.OpenSSLProvider;
+-
+-/**
+- * Platform using Conscrypt (conscrypt.org) if installed as the first Security Provider.
+- *
+- * Requires org.conscrypt:conscrypt-openjdk-uber on the classpath.
+- */
+-public class ConscryptPlatform extends Platform {
+- private ConscryptPlatform() {
+- }
+-
+- private Provider getProvider() {
+- return new OpenSSLProvider();
+- }
+-
+- @Override public X509TrustManager trustManager(SSLSocketFactory sslSocketFactory) {
+- if (!Conscrypt.isConscrypt(sslSocketFactory)) {
+- return super.trustManager(sslSocketFactory);
+- }
+-
+- try {
+- // org.conscrypt.SSLParametersImpl
+- Object sp =
+- readFieldOrNull(sslSocketFactory, Object.class, "sslParameters");
+-
+- if (sp != null) {
+- return readFieldOrNull(sp, X509TrustManager.class, "x509TrustManager");
+- }
+-
+- return null;
+- } catch (Exception e) {
+- throw new UnsupportedOperationException(
+- "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on Conscrypt", e);
+- }
+- }
+-
+- @Override public void configureTlsExtensions(
+- SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
+- if (Conscrypt.isConscrypt(sslSocket)) {
+- // Enable SNI and session tickets.
+- if (hostname != null) {
+- Conscrypt.setUseSessionTickets(sslSocket, true);
+- Conscrypt.setHostname(sslSocket, hostname);
+- }
+-
+- // Enable ALPN.
+- List<String> names = Platform.alpnProtocolNames(protocols);
+- Conscrypt.setApplicationProtocols(sslSocket, names.toArray(new String[0]));
+- } else {
+- super.configureTlsExtensions(sslSocket, hostname, protocols);
+- }
+- }
+-
+- @Override public @Nullable String getSelectedProtocol(SSLSocket sslSocket) {
+- if (Conscrypt.isConscrypt(sslSocket)) {
+- return Conscrypt.getApplicationProtocol(sslSocket);
+- } else {
+- return super.getSelectedProtocol(sslSocket);
+- }
+- }
+-
+- @Override public SSLContext getSSLContext() {
+- try {
+- return SSLContext.getInstance("TLS", getProvider());
+- } catch (NoSuchAlgorithmException e) {
+- throw new IllegalStateException("No TLS provider", e);
+- }
+- }
+-
+- public static Platform buildIfSupported() {
+- try {
+- // trigger early exception over a fatal error
+- Class.forName("org.conscrypt.ConscryptEngineSocket");
+-
+- if (!Conscrypt.isAvailable()) {
+- return null;
+- }
+-
+- Conscrypt.setUseEngineSocketByDefault(true);
+- return new ConscryptPlatform();
+- } catch (ClassNotFoundException e) {
+- return null;
+- }
+- }
+-}
+diff --git a/okhttp/src/main/java/okhttp3/internal/platform/Platform.java b/okhttp/src/main/java/okhttp3/internal/platform/Platform.java
+index 04072f4..0aa3ad3 100644
+--- a/okhttp/src/main/java/okhttp3/internal/platform/Platform.java
++++ b/okhttp/src/main/java/okhttp3/internal/platform/Platform.java
+@@ -203,7 +203,7 @@ public class Platform {
+ }
+
+ if (isConscryptPreferred()) {
+- Platform conscrypt = ConscryptPlatform.buildIfSupported();
++ Platform conscrypt = null;
+
+ if (conscrypt != null) {
+ return conscrypt;
diff --git a/debian/patches/no-javac-with-errorprone.patch b/debian/patches/no-javac-with-errorprone.patch
index 60af5af..67a7991 100644
--- a/debian/patches/no-javac-with-errorprone.patch
+++ b/debian/patches/no-javac-with-errorprone.patch
@@ -8,7 +8,7 @@ Not yet packaged for Debian?
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
-index fe391b8..09a9b4d 100644
+index 8b87c20..8580d56 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,7 +137,7 @@
diff --git a/debian/patches/series b/debian/patches/series
index d09c6cd..0a8be1d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
no-javac-with-errorprone.patch
+no-Conscrypt.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libokhttp-java.git
More information about the pkg-java-commits
mailing list