diff --git a/SECURITY.md b/SECURITY.md index df9061eab8f..44efbe8d42e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -409,7 +409,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver 1.29.x-1.31.x | 4.1.48.Final | 2.0.30.Final 1.32.x-1.34.x | 4.1.51.Final | 2.0.31.Final 1.35.x-1.41.x | 4.1.52.Final | 2.0.34.Final -1.42.x- | 4.1.63.Final | 2.0.38.Final +1.42.x-1.43.x | 4.1.63.Final | 2.0.38.Final +1.44.x | 4.1.72.Final | 2.0.46.Final _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_ diff --git a/build.gradle b/build.gradle index e3dcad2a0de..79e3139a587 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ subprojects { protocPluginBaseName = 'protoc-gen-grpc-java' javaPluginPath = "$rootDir/compiler/build/exe/java_plugin/$protocPluginBaseName$exeSuffix" - nettyVersion = '4.1.63.Final' + nettyVersion = '4.1.72.Final' guavaVersion = '30.1.1-android' googleauthVersion = '0.22.2' protobufVersion = '3.19.1' @@ -176,7 +176,7 @@ subprojects { // SECURITY.md (multiple occurrences) // examples/example-tls/build.gradle // examples/example-tls/pom.xml - netty_tcnative: 'io.netty:netty-tcnative-boringssl-static:2.0.38.Final', + netty_tcnative: 'io.netty:netty-tcnative-boringssl-static:2.0.46.Final', conscrypt: 'org.conscrypt:conscrypt-openjdk-uber:2.5.1', re2j: 'com.google.re2j:re2j:1.5', diff --git a/buildscripts/kokoro/macos.cfg b/buildscripts/kokoro/macos.cfg index 310e1130416..a6bf290d1ec 100644 --- a/buildscripts/kokoro/macos.cfg +++ b/buildscripts/kokoro/macos.cfg @@ -15,6 +15,7 @@ env_vars { # We always build mvn artifacts. action { define_artifacts { + regex: "github/grpc-java/**/build/reports/**" regex: "github/grpc-java/mvn-artifacts/**" } } diff --git a/buildscripts/kokoro/unix.sh b/buildscripts/kokoro/unix.sh index 1de35827809..61d65324a07 100755 --- a/buildscripts/kokoro/unix.sh +++ b/buildscripts/kokoro/unix.sh @@ -24,6 +24,9 @@ fi cd $(dirname $0)/../.. # TODO(zpencer): always make sure we are using Oracle jdk8 +if [[ -f /usr/libexec/java_home ]]; then + JAVA_HOME=$(/usr/libexec/java_home -v"1.8.0") +fi # ARCH is x86_64 unless otherwise specified. ARCH="${ARCH:-x86_64}" diff --git a/netty/src/test/java/io/grpc/netty/NettyTestUtil.java b/netty/src/test/java/io/grpc/netty/NettyTestUtil.java index d030f53d118..802a6efcd58 100644 --- a/netty/src/test/java/io/grpc/netty/NettyTestUtil.java +++ b/netty/src/test/java/io/grpc/netty/NettyTestUtil.java @@ -67,7 +67,9 @@ public Executor getObject() { inUse = true; return new Executor() { @Override - public void execute(Runnable var1) { } + public void execute(Runnable var1) { + var1.run(); + } }; } diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java index d333d1cc8c6..ca1ccde101c 100644 --- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java +++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java @@ -48,6 +48,7 @@ import io.grpc.ServerCredentials; import io.grpc.ServerStreamTracer; import io.grpc.Status; +import io.grpc.StatusException; import io.grpc.StatusRuntimeException; import io.grpc.TlsChannelCredentials; import io.grpc.TlsServerCredentials; @@ -132,6 +133,7 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManagerFactory; import org.junit.After; @@ -415,7 +417,17 @@ public void from_tls_clientAuthRequire_noClientCert() throws Exception { .trustManager(caCert) .build(); Status status = expectFailedHandshake(channelCreds, serverCreds); - assertThat(status.getDescription()).isEqualTo("ssl exception"); + assertEquals(Status.Code.UNAVAILABLE, status.getCode()); + StatusException sre = status.asException(); + // because of netty/netty#11604 we need to check for both TLSv1.2 and v1.3 behaviors + if (sre.getCause() instanceof SSLHandshakeException) { + assertThat(sre).hasCauseThat().isInstanceOf(SSLHandshakeException.class); + assertThat(sre).hasCauseThat().hasMessageThat().contains("SSLV3_ALERT_HANDSHAKE_FAILURE"); + } else { + // Client cert verification is after handshake in TLSv1.3 + assertThat(sre).hasCauseThat().hasCauseThat().isInstanceOf(SSLException.class); + assertThat(sre).hasCauseThat().hasMessageThat().contains("CERTIFICATE_REQUIRED"); + } } @Test diff --git a/repositories.bzl b/repositories.bzl index 6e9caf9409d..4847adf651e 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -25,18 +25,18 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [ "com.google.truth:truth:1.0.1", "com.squareup.okhttp:okhttp:2.7.4", "com.squareup.okio:okio:1.17.5", - "io.netty:netty-buffer:4.1.63.Final", - "io.netty:netty-codec-http2:4.1.63.Final", - "io.netty:netty-codec-http:4.1.63.Final", - "io.netty:netty-codec-socks:4.1.63.Final", - "io.netty:netty-codec:4.1.63.Final", - "io.netty:netty-common:4.1.63.Final", - "io.netty:netty-handler-proxy:4.1.63.Final", - "io.netty:netty-handler:4.1.63.Final", - "io.netty:netty-resolver:4.1.63.Final", - "io.netty:netty-tcnative-boringssl-static:2.0.38.Final", - "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.63.Final", - "io.netty:netty-transport:4.1.63.Final", + "io.netty:netty-buffer:4.1.72.Final", + "io.netty:netty-codec-http2:4.1.72.Final", + "io.netty:netty-codec-http:4.1.72.Final", + "io.netty:netty-codec-socks:4.1.72.Final", + "io.netty:netty-codec:4.1.72.Final", + "io.netty:netty-common:4.1.72.Final", + "io.netty:netty-handler-proxy:4.1.72.Final", + "io.netty:netty-handler:4.1.72.Final", + "io.netty:netty-resolver:4.1.72.Final", + "io.netty:netty-tcnative-boringssl-static:2.0.46.Final", + "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.72.Final", + "io.netty:netty-transport:4.1.72.Final", "io.opencensus:opencensus-api:0.24.0", "io.opencensus:opencensus-contrib-grpc-metrics:0.24.0", "io.perfmark:perfmark-api:0.23.0",