From 4aa7b1c49b4624a38294fda326fb9d1e892ce70c Mon Sep 17 00:00:00 2001
From: Andriy Redko <andriy.redko@aiven.io>
Date: Thu, 14 Nov 2024 04:11:40 -0500
Subject: [PATCH] Log io.netty.internal.tcnative.SSLContext availability
 warning only when OpenSSL is explicitly enabled but not available (#4901)

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
---
 .../security/ssl/SslSettingsManager.java      | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
index 381c510894..16a05b2f55 100644
--- a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
+++ b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
@@ -23,6 +23,7 @@
 import org.apache.logging.log4j.Logger;
 
 import org.opensearch.OpenSearchException;
+import org.opensearch.common.Booleans;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.env.Environment;
 import org.opensearch.security.ssl.config.CertType;
@@ -374,10 +375,23 @@ void openSslWarnings(final Settings settings) {
 
             LOGGER.debug("OpenSSL available ciphers {}", OpenSsl.availableOpenSslCipherSuites());
         } else {
-            LOGGER.warn(
-                "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of {}",
-                OpenSsl.unavailabilityCause()
-            );
+            boolean openSslIsEnabled = false;
+
+            if (settings.hasValue(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
+                openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE));
+            }
+
+            if (settings.hasValue(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
+                openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE));
+            }
+
+            if (openSslIsEnabled == true) {
+                /* only print warning if OpenSsl is enabled explicitly but not available */
+                LOGGER.warn(
+                    "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of ",
+                    OpenSsl.unavailabilityCause()
+                );
+            }
         }
     }