diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-04-12 11:59:28 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-04-12 11:59:28 +0200 |
commit | 11d7ec6b4c909845d1f19ec9056a75c7571054d6 (patch) | |
tree | 3674088d4eca75a7958595fd49c23740098e9008 /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl | |
parent | 8dc926818cdddde34fb287b215203dde02216f8d (diff) |
Add feature flag to enable HTTP/2 for jdisc
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index 30ebb843aa7..51570cac4a7 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -29,27 +29,32 @@ public class HostedSslConnectorFactory extends ConnectorFactory { * Create connector factory that uses a certificate provided by the config-model / configserver and default hosted Vespa truststore. */ public static HostedSslConnectorFactory withProvidedCertificate( - String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enforceHandshakeClientAuth) { - return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth), false, enforceHandshakeClientAuth); + String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enforceHandshakeClientAuth, boolean enableHttp2) { + ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider( + serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth); + return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, enableHttp2); } /** * Create connector factory that uses a certificate provided by the config-model / configserver and a truststore configured by the application. */ public static HostedSslConnectorFactory withProvidedCertificateAndTruststore( - String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates) { - return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false), true, false); + String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates, boolean enableHttp2) { + ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider( + serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false); + return new HostedSslConnectorFactory(sslProvider, true, false, enableHttp2); } /** * Create connector factory that uses the default certificate and truststore provided by Vespa (through Vespa-global TLS configuration). */ - public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName) { - return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, false); + public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName, boolean enableHttp2) { + return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, false, enableHttp2); } - private HostedSslConnectorFactory(SslProvider sslProvider, boolean enforceClientAuth, boolean enforceHandshakeClientAuth) { - super(new Builder("tls4443", 4443).sslProvider(sslProvider)); + private HostedSslConnectorFactory(SslProvider sslProvider, boolean enforceClientAuth, + boolean enforceHandshakeClientAuth, boolean enableHttp2) { + super(new Builder("tls4443", 4443).sslProvider(sslProvider).enableHttp2(enableHttp2)); this.enforceClientAuth = enforceClientAuth; this.enforceHandshakeClientAuth = enforceHandshakeClientAuth; } |