diff --git a/src/aleph/http.clj b/src/aleph/http.clj
index 08efc6a4..08ad8cf4 100644
--- a/src/aleph/http.clj
+++ b/src/aleph/http.clj
@@ -229,7 +229,10 @@
 (when (and force-h2c? (not-any? #{:http2} http-versions))
 (throw (IllegalArgumentException. "force-h2c? may only be true when HTTP/2 is enabled."))))
- (let [log-activity (:log-activity connection-options)
+ (let [{:keys [log-activity
+ ssl-context
+ http-versions]
+ :or {http-versions [:http1]}} connection-options
 dns-options' (if-not (and (some? dns-options)
 (not (or (contains? dns-options :transport)
 (contains? dns-options :epoll?)))))
@@ -242,7 +245,13 @@
 (assoc :name-resolver (netty/dns-resolver-group dns-options'))
 (some? log-activity)
- (assoc :log-activity (netty/activity-logger "aleph-client" log-activity)))
+ (assoc :log-activity (netty/activity-logger "aleph-client" log-activity))
+
+ (some? ssl-context)
+ (update :ssl-context
+ #(-> %
+ (common/ensure-consistent-alpn-config http-versions)
+ (netty/coerce-ssl-client-context))))
 p (promise)
 create-pool-fn (or pool-builder-fn flow/instrumented-pool)
diff --git a/test/aleph/http_test.clj b/test/aleph/http_test.clj
index f04b6d2a..bf14361b 100644
--- a/test/aleph/http_test.clj
+++ b/test/aleph/http_test.clj
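Review bot: The new `let` rebinds `http-versions` from `connection-options` with a `[:http1]` default, shadowing the `http-versions` that the `force-h2c?` check two lines above already uses; if that outer binding is sourced from anywhere other than `connection-options`, or carries a different default, the ALPN consistency check in the next hunk runs against a different version list than the one the pool was just validated with. If the outer binding already holds the effective list, drop `http-versions` from the `:keys` vector and the `:or` map here so both checks derive from one value. The enclosing `connection-pool` form starts and ends outside the hunk, so where that outer binding comes from is not visible here.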
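Review bot: The `:ssl-context` coercion in the new `update` clause runs eagerly, once, at pool construction, so a map-form ssl-context whose `:trust-store`, key or certificate is supplied as an `InputStream` is consumed here, and an unreadable or malformed trust store now fails `connection-pool` instead of the first request; nothing in the hunk records that contract. A comment on the clause, `;; coerced once here: stream-based :ssl-context values are consumed at pool creation, and an invalid trust store throws now rather than on first request`, would make it explicit for callers who pass streams or who wrap only the request path in error handling. The ALPN check is also skipped when no `:ssl-context` is supplied, so the default client context is presumably validated elsewhere — worth confirming. The `cond->` this clause belongs to starts outside the hunk.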
@@ -452,6 +452,37 @@
 :body bs/to-string))))))
+(deftest using-input-stream-as-ssl-context-trust-store
+ (let [num-requests 2
+ file-name "test/ca_cert.pem"
+ client-options (fn [stream]
+ {:connection-options {:ssl-context {:private-key test-ssl/client-key
+ :certificate-chain [test-ssl/client-cert]
+ :trust-store stream}}})
+ requests (fn [pool]
+ (repeatedly num-requests #(http-post "/"
+ {:body "hello!"
+ :pool pool})))]
+ (testing "multiple serial requests without connection reuse"
+ (with-open [stream (io/input-stream file-name)]
+ (let [client-pool (http/connection-pool (-> (client-options stream)
+ (assoc-in [:connection-options :keep-alive?] false)))]
+ (with-http-ssl-servers echo-handler {}
+ (is (every?
+ #{"hello!"}
+ (->> (requests client-pool)
+ (mapv (comp bs/to-string :body deref)))))))))
+
+ (testing "multiple concurrent requests"
+ (with-open [stream (io/input-stream file-name)]
+ (let [client-pool (http/connection-pool (client-options stream))]
+ (with-http-ssl-servers echo-handler {}
+ (is (every?
+ #{"hello!"}
+ (->> (requests client-pool)
+ (doall)
+ (mapv (comp bs/to-string :body deref)))))))))))
+
 (defn ssl-session-capture-handler [ssl-session-atom]
 (fn [req]
 (reset! ssl-session-atom (http.core/ring-request-ssl-session req))
diff --git a/test/ca_cert.pem b/test/ca_cert.pem
new file mode 100644
index 00000000..798fa173
--- /dev/null
+++ b/test/ca_cert.pem
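Review bot: Both `testing` blocks keep `stream` open for the whole request phase, so they only show that the trust-store stream is not re-read per request (a lazy re-read would presumably fail on the second of `num-requests` once the stream is exhausted), not that it is fully consumed at pool construction; building `client-pool` inside `with-open` and moving `with-http-ssl-servers` and the `requests` call after the `with-open` closes would pin the stronger property the feature relies on. The assertions also check only the echoed body, so a case where the stream carries a CA that does not sign the server chain, asserting that the request fails, would show the supplied trust store is what the handshake validates against rather than a default trust store. A short docstring on the deftest naming those two properties would help the next reader.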
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyjCCArKgAwIBAgIJAPj8IfB83MXVMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8x
+GDAWBgNVBAoMD0JGUCBDb3Jwb3JhdGlvbjEOMAwGA1UECwwFQWxlcGgxEDAOBgNV
+BAMMB1Jvb3QgQ0EwHhcNMTYxMTIxMjEzMTIzWhcNMzcwMjI0MjEzMTIzWjByMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0
+aW5vMRgwFgYDVQQKDA9CRlAgQ29ycG9yYXRpb24xDjAMBgNVBAsMBUFsZXBoMRAw
+DgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1kKISz7cCJIU7pk+JBOH8+6UfvtR7BS1hTkWMw+IsTa9O1EJJqEtiJZTF267nLog
++jfUr8AHSTR+qtKkbs77XrOMlaa6Zyq3Z2d/p8R3oUdurg6T3JECGwilYDsEMLNL
+XnqnUdkeWQJ7ea7UzgJ7ACZ61I4+Dv9xJQ+5BGMRkH+SUTDQ/um8UmrPxbDDljR7
+TbTY7WtAPbxbALrEKA5EfNS1vdcYCfguN0BUcHaHEiBDAIU7IXZigdPBnSTDHhqB
+YHjmgQZ9U/ojrvmjG9lsG6X5WGj5H1SZCmpWbp+WiNEgHckzhRkCKU5V53mpqcrF
+Q5WJjAHGQrBF7CD1IUj6VwIDAQABo2MwYTAdBgNVHQ4EFgQUHZFU7TsvVmLorae0
+LntY0bhIRwIwHwYDVR0jBBgwFoAUHZFU7TsvVmLorae0LntY0bhIRwIwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBACfu
+Sp0gy8QI1BP6bAueT6/t7Nz2Yg2kwbIXac5sanLc9MjhjG/EjLrkwhCpEVEfFrKD
+Bl/s0wdYoHcVTDlev4H3QOM4WeciaSUsEytihhey72f89ZyvQ+FGbif2BXNk4kPN
+0eo3t5TXS8Fw/iBi371KZo4jTpdsB0Y3fwKtXw8ieUAlaF86yGHA9bMF7eGXorpS
+hEJ8JRWWy2pV9WtkYw+tBWj7PtXQAIUx4t+J3+B9pSUyHxxArKmZUKa3GpJzBAKX
+TLHddtadJLqptjZ6pq7OSiihAs3fxVF+TGDJyPyk8K48y9G2MinrYXVzKHeQWqPT
+rO0jz1F4FL9LiD+HwLc=
+-----END CERTIFICATE-----