Skip to content

Commit

Permalink
Log io.netty.internal.tcnative.SSLContext availability warning only w…
Browse files Browse the repository at this point in the history
…hen OpenSSL is explicitly enabled but not available

Signed-off-by: Andriy Redko <[email protected]>
  • Loading branch information
reta committed Nov 13, 2024
1 parent 9b67d54 commit 966634d
Showing 1 changed file with 18 additions and 4 deletions.
22 changes: 18 additions & 4 deletions src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import org.apache.logging.log4j.Logger;

import org.opensearch.OpenSearchException;
import org.opensearch.common.Booleans;
import org.opensearch.common.settings.Settings;
import org.opensearch.env.Environment;
import org.opensearch.security.ssl.config.CertType;
Expand Down Expand Up @@ -374,10 +375,23 @@ void openSslWarnings(final Settings settings) {

LOGGER.debug("OpenSSL available ciphers {}", OpenSsl.availableOpenSslCipherSuites());
} else {
LOGGER.warn(
"OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of {}",
OpenSsl.unavailabilityCause()
);
boolean openSslIsEnabled = false;

if (settings.hasValue(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE));
}

if (settings.hasValue(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE));
}

if (openSslIsEnabled == true) {
/* only print warning if OpenSsl is enabled explicitly but not available */
LOGGER.warn(
"OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of ",
OpenSsl.unavailabilityCause()
);
}
}
}

Expand Down

0 comments on commit 966634d

Please sign in to comment.