From cc2c67e73bc62de391a609d60d76ae510d059caa Mon Sep 17 00:00:00 2001
From: Andriy Redko
Date: Wed, 13 Nov 2024 12:21:17 -0500
Subject: [PATCH] Log io.netty.internal.tcnative.SSLContext availability warning only when OpenSSL is explicitly enabled but not available
Signed-off-by: Andriy Redko
---
 .../security/ssl/SslSettingsManager.java | 24 +++++++++++++++----
 .../security/ssl/config/SslParameters.java | 2 +-
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
index 381c510894..fbd13eea17 100644
--- a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
+++ b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java
@@ -23,6 +23,7 @@
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchException;
+import org.opensearch.common.Booleans;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.env.Environment;
 import org.opensearch.security.ssl.config.CertType;
@@ -373,11 +374,24 @@ void openSslWarnings(final Settings settings) {
 }
 LOGGER.debug("OpenSSL available ciphers {}", OpenSsl.availableOpenSslCipherSuites());
- } else {
- LOGGER.warn(
- "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of {}",
- OpenSsl.unavailabilityCause()
- );
+ } else {
+ boolean openSslIsEnabled = false;
+
+ if (settings.hasValue(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
+ openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE));
+ }
+
+ if (settings.hasValue(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE) == true) {
+ openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE));
+ }
+
+ if (openSslIsEnabled == true) {
+ /* only print warning if OpenSsl is enabled explicitly but not available */
+ LOGGER.warn(
+ "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of ",
+ OpenSsl.unavailabilityCause()
+ );
+ }
 }
 }
diff --git a/src/main/java/org/opensearch/security/ssl/config/SslParameters.java b/src/main/java/org/opensearch/security/ssl/config/SslParameters.java
index a31b14723b..b5540cc6aa 100644
--- a/src/main/java/org/opensearch/security/ssl/config/SslParameters.java
+++ b/src/main/java/org/opensearch/security/ssl/config/SslParameters.java
@@ -119,7 +119,7 @@ public Loader(final Settings sslConfigSettings) {
 private SslProvider provider(final Settings settings) {
 final var useOpenSslIfAvailable = settings.getAsBoolean(ENABLE_OPENSSL_IF_AVAILABLE, true);
- if (OPENSSL_AVAILABLE && useOpenSslIfAvailable) {
+ if (useOpenSslIfAvailable && OPENSSL_AVAILABLE) {
 return SslProvider.OPENSSL;
 } else {
 return SslProvider.JDK;
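Review bot: With both settings unset, the new `else` branch logs nothing when OpenSSL is unavailable, while `provider()` in SslParameters.java reads `ENABLE_OPENSSL_IF_AVAILABLE` with a default of `true`, so a default-configured node appears to fall back to JDK TLS with no record of which provider is active. A debug-level line for that case, e.g. `LOGGER.debug("OpenSSL not available, using built-in JDK SSL", OpenSsl.unavailabilityCause());`, would keep the fallback diagnosable without bringing back the warning noise. As a style point, each `hasValue(...) == true` / `Booleans.parseBoolean(settings.get(...))` pair could be written as `settings.getAsBoolean(KEY, false)` and the two joined with `||`, matching the form the second file already uses. openSslWarnings starts before the hunk, so the enclosing `if` condition is not visible here.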
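Review bot: Swapping the operands on the `if` line in `provider()` only changes behaviour if reading `OPENSSL_AVAILABLE` is what triggers the OpenSSL availability check; its declaration is outside the hunk, and if it is a `static final` field the check presumably already ran at class initialization, so the short-circuit would not prevent it. If the order is intentional, a comment on the condition such as `// check the setting first so OpenSSL availability is only consulted when enabled` would record why. If the goal is to avoid the availability check entirely when the setting is `false`, the value would need to be resolved lazily behind the setting check. provider() continues past the end of the hunk.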