Log io.netty.internal.tcnative.SSLContext availability warning only w…

…hen OpenSSL is explicitly enabled but not available Signed-off-by: Andriy Redko <[email protected]>
reta · Nov 13, 2024 · cc2c67e · cc2c67e
1 parent 9b67d54
commit cc2c67e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
@@ -23,6 +23,7 @@
 import org.apache.logging.log4j.Logger;
 
 import org.opensearch.OpenSearchException;
+import org.opensearch.common.Booleans;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.env.Environment;
 import org.opensearch.security.ssl.config.CertType;
@@ -373,11 +374,24 @@ void openSslWarnings(final Settings settings) {
             }
 
             LOGGER.debug("OpenSSL available ciphers {}", OpenSsl.availableOpenSslCipherSuites());
-        } else {
-            LOGGER.warn(
-                "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of {}",
-                OpenSsl.unavailabilityCause()
-            );
+        } else  {
+            boolean openSslIsEnabled = false; 
+
+            if (settings.hasValue(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
+                openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE));
+            }
+
+            if (settings.hasValue(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
+                openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE));
+            }
+
+            if (openSslIsEnabled == true) {
+	            /* only print warning if OpenSsl is enabled explicitly but not available */
+	            LOGGER.warn(
+	                "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of ",
+	                OpenSsl.unavailabilityCause()
+	            );
+        	}
         }
     }
 

diff --git a/src/main/java/org/opensearch/security/ssl/config/SslParameters.java b/src/main/java/org/opensearch/security/ssl/config/SslParameters.java
@@ -119,7 +119,7 @@ public Loader(final Settings sslConfigSettings) {
 
         private SslProvider provider(final Settings settings) {
             final var useOpenSslIfAvailable = settings.getAsBoolean(ENABLE_OPENSSL_IF_AVAILABLE, true);
-            if (OPENSSL_AVAILABLE && useOpenSslIfAvailable) {
+            if (useOpenSslIfAvailable && OPENSSL_AVAILABLE) {
                 return SslProvider.OPENSSL;
             } else {
                 return SslProvider.JDK;