From 077e8538ff77e1192718f4dfda0b02acaa793b81 Mon Sep 17 00:00:00 2001 From: zrlw Date: Thu, 9 Apr 2026 17:24:06 +0800 Subject: [PATCH 1/2] Create QuicSslEngine for client with parameter peer host to support hostname checker --- .../remoting/http3/Http3SslContexts.java | 1 - .../netty4/NettyHttp3ConnectionClient.java | 6 +++++- .../src/test/resources/certs/server.pem | 21 +++++++++---------- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/http3/Http3SslContexts.java b/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/http3/Http3SslContexts.java index 129e77868b66..09e71d8ebe51 100644 --- a/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/http3/Http3SslContexts.java +++ b/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/http3/Http3SslContexts.java @@ -123,7 +123,6 @@ public static QuicSslContext buildClientSslContext(URL url) { } catch (Throwable t) { throw new IllegalArgumentException("Could not find certificate file or the certificate is invalid.", t); } - builder.endpointIdentificationAlgorithm(null); try { return builder.applicationProtocols(Http3.supportedApplicationProtocols()) .build(); diff --git a/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java b/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java index d3fbca570bdb..054d7b2df6d3 100644 --- a/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java +++ b/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java @@ -16,6 +16,8 @@ */ package org.apache.dubbo.remoting.transport.netty4; +import io.netty.handler.codec.quic.QuicSslContext; + import org.apache.dubbo.common.URL; import org.apache.dubbo.remoting.ChannelHandler; import org.apache.dubbo.remoting.Constants; @@ -64,8 +66,10 @@ protected void initConnectionClient() { @Override protected void initBootstrap() throws Exception { + URL url = getUrl(); + QuicSslContext quicSslContext = Http3SslContexts.buildClientSslContext(url); io.netty.channel.ChannelHandler codec = Http3Helper.configCodec(Http3.newQuicClientCodecBuilder(), getUrl()) - .sslContext(Http3SslContexts.buildClientSslContext(getUrl())) + .sslEngineProvider(q -> quicSslContext.newEngine(q.alloc(), url.getHost(), url.getPort())) .build(); io.netty.channel.Channel nettyDatagramChannel = new Bootstrap() .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, getConnectTimeout()) diff --git a/dubbo-rpc/dubbo-rpc-triple/src/test/resources/certs/server.pem b/dubbo-rpc/dubbo-rpc-triple/src/test/resources/certs/server.pem index 6c7cd60b4280..8bd014e7048e 100644 --- a/dubbo-rpc/dubbo-rpc-triple/src/test/resources/certs/server.pem +++ b/dubbo-rpc/dubbo-rpc-triple/src/test/resources/certs/server.pem @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIC+jCCAeKgAwIBAgIUFrQFPMAmmmGTMmlyK4+r3aaCRwwwDQYJKoZIhvcNAQEL -BQAwEjEQMA4GA1UEAwwHcXVpYy1jYTAgFw0yNDA4MjEwNjM4MDdaGA8yMDc0MDgw -OTA2MzgwN1owFjEUMBIGA1UEAwwLcXVpYy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEB +MIICyzCCAbOgAwIBAgIUdPJpD5OcSrtKFT3tDXbKUAhk9ywwDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHcXVpYy1jYTAgFw0yNjA0MDkwOTE2MTdaGA8yMDc2MDQw +OTA5MTYxN1owFjEUMBIGA1UEAwwLcXVpYy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQC/wX9dQdJmAA1bGCaLV09Fve9gLJc8/o9ERCpQyV2f CEJmWXYEzS1n8z0k3MAGxLF8pw98K6A8J7/6lWB0f4edsgMu05zUco/fu9nMIHnn VSEXVcEDxh1E9LcPCWKLyukPSJy1eW8VJtxAR/sTyZUK6u7fWLQW/yp9KPdOvicv 4ynHDv/S1BCUjH/N/bv8Lwc4a0U/QArlOSZ8CJfNWNV2gCtJtQLJZWK27qrLLMYO /A4ZgnJ79ssCaaO6KxXKmETW5y+Q3+aawLdT0jrIcjwhmWAok7RgLeIYT1fK8QM2 -ON5y4efJIH116XK1B//Mcyx8ymunNcPpPPrxMeT/ibmbAgMBAAGjQjBAMB0GA1Ud -DgQWBBTGNCm9e2SitiqMincY+d3xjexS9zAfBgNVHSMEGDAWgBQEK/HUx2bnjBMN -3iBMjAWK0xY6bTANBgkqhkiG9w0BAQsFAAOCAQEAUuPFchVrD/zTsww7voBwBm9f -Jv3Ix87feArTof0hQ3YVPhPhDwPVxSHOp2SGZ2HiqrFPyAsFDgUn7VFjdeVZxEr5 -E090UsoWCEikHp49aw9jN8IIKEvguP2AiIdBfl4wa/We5y9CtiLvcEHWk+MdB7dX -leX1HPFyWgCqm2JIknITV1ZYpmeovAzMz3Qh+IJWAub+6ANYA9F1CkKoRVy9Guio -g35+8my2PZtS8dP60Ef4YmoSQ0D/WMgwscrpUScdKzcnybsWk3OCKS2MY+joUQp+ -6AhkeB8Jafgmb7Zh8PINdJEM7Ab/Mc8pf11ghYUeWYM+1jEgOI0BzPijMCx6bQ== +ON5y4efJIH116XK1B//Mcyx8ymunNcPpPPrxMeT/ibmbAgMBAAGjEzARMA8GA1Ud +EQQIMAaHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAFm1PDjUKjIIr/9OkKGQ8e69 +qO7HMm4K3n84Utu/BaRewQTGXK8NqE9C4yBPvZsC3aAVRwVy0L4askXh1P5u8sa+ +HFt/Mc4bUc4cAU7lyocK8zZh5fbwZnojecWN+XZayzGrVyIhoEOep25P6s7/C4Bn +/o+pD3ufMyTkBsVAUxPPx0O+cUtCr7g/LUIE7OTqaok/yWYlHxDrLwEPeCawrbkM +Y8YDRDjjgD+yZN0YlRiB4cCN+W6feuWNZsOGiirXc+pLMp6pySbcCqhjM/uCzmoX +dzI7mzGyCi4YPHI3R9EgMfasFkSrAQOivWtQi0XpXoG2zLYmKLFVwF8YwpGA1b4= -----END CERTIFICATE----- From c99e00ff852938673534da5d3f81e78330ac2cac Mon Sep 17 00:00:00 2001 From: zrlw Date: Thu, 9 Apr 2026 18:50:35 +0800 Subject: [PATCH 2/2] Reformat NettyHttp3ConnectionClient.java --- .../remoting/transport/netty4/NettyHttp3ConnectionClient.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java b/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java index 054d7b2df6d3..898ee06a096f 100644 --- a/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java +++ b/dubbo-remoting/dubbo-remoting-http3/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyHttp3ConnectionClient.java @@ -16,8 +16,6 @@ */ package org.apache.dubbo.remoting.transport.netty4; -import io.netty.handler.codec.quic.QuicSslContext; - import org.apache.dubbo.common.URL; import org.apache.dubbo.remoting.ChannelHandler; import org.apache.dubbo.remoting.Constants; @@ -40,6 +38,7 @@ import io.netty.handler.codec.http3.Http3ClientConnectionHandler; import io.netty.handler.codec.quic.QuicChannel; import io.netty.handler.codec.quic.QuicChannelBootstrap; +import io.netty.handler.codec.quic.QuicSslContext; import io.netty.util.concurrent.Future; import io.netty.util.concurrent.GenericFutureListener;