jet
if SSL fails to initialize you're broken
The SSL connector is created after the plain connector so if there's an exception you've lost the scope for the plain socket and you can't shut it down... now you can't start again with the same port without restarting the process.
I can't send you a pull request right now, for various complicated security reasons... but here's a small refactor of your run-jetty function that fixes it:
```clojure
(let [pool (doto (QueuedThreadPool. (int max-threads)
                                    (int min-threads))
             (.setDaemon daemon?))
      server (doto (Server. pool)
               (.addBean (ScheduledExecutorScheduler.)))
      http-conf (http-config options)
      http-connection-factory (doto (HttpConnectionFactory. http-conf)
                                (.setInputBufferSize (int input-buffer-size)))
      ;; The SSL connector is bound first, ahead of the plain connector.
      ssl-connector (when (or ssl? ssl-port)
                      (doto (ServerConnector.
                             ^Server server
                             (ssl-context-factory options)
                             ^"[Lorg.eclipse.jetty.server.ConnectionFactory;"
                             (into-array ConnectionFactory
                                         (cond-> [http-connection-factory]
                                           http2? (conj (HTTP2ServerConnectionFactory. http-conf)))))
                        (.setPort ssl-port)
                        (.setHost host)
                        (.setIdleTimeout max-idle-time)))
      ;; The plain connector is always present; the SSL one is appended when configured.
      connectors (cond-> [(doto (ServerConnector.
                                 ^Server server
                                 ^"[Lorg.eclipse.jetty.server.ConnectionFactory;"
                                 (into-array ConnectionFactory
                                             (cond-> [http-connection-factory]
                                               http2c? (conj (HTTP2CServerConnectionFactory. http-conf)))))
                            (.setPort port)
                            (.setHost host)
                            (.setIdleTimeout max-idle-time))]
                   (and (or ssl? ssl-port) ssl-connector)
                   (conj ssl-connector))]
```
Scratch that, the above does not catch it. Sigh. I'll try and work it out.
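The port leak described at the top of this issue, reduced to plain JDK sockets, as an added example that is not part of the thread or of jet's code. `load-keystore`, `port-free?`, `start-leaky`, `start-safe`, port 18443 and the keystore path are all constructed for illustration, and no Jetty classes are used.

```clojure
(ns port-leak-demo
  (:import (java.io FileInputStream)
           (java.net BindException ServerSocket)
           (java.security KeyStore)))

;; Constructed stand-in for SSL initialisation: opening a keystore file that
;; does not exist throws, much as a misconfigured SSL setup would.
(defn load-keystore [path password]
  (with-open [in (FileInputStream. ^String path)]
    (doto (KeyStore/getInstance (KeyStore/getDefaultType))
      (.load in (char-array password)))))

;; True when a fresh listener can bind the port, i.e. nothing still holds it.
(defn port-free? [port]
  (try (with-open [_ (ServerSocket. (int port))] true)
       (catch BindException _ false)))

;; Leaky shape: the plain listener is bound, then SSL setup throws. The only
;; reference to the open socket dies with the stack frame, so the caller
;; cannot close it (here it stays bound until GC happens to reclaim it).
(defn start-leaky [port keystore-path]
  (let [plain (ServerSocket. (int port))
        ks    (load-keystore keystore-path "changeit")]
    {:plain plain :keystore ks}))

;; Hardened shape: same order, but any failure after the bind closes the
;; listener before the exception propagates.
(defn start-safe [port keystore-path]
  (let [plain (ServerSocket. (int port))]
    (try
      {:plain plain :keystore (load-keystore keystore-path "changeit")}
      (catch Throwable t
        (.close plain)                  ; release the port before rethrowing
        (throw t)))))

(defn demo []
  (let [port    18443                        ; constructed sample port
        missing "/nonexistent/keystore.jks"] ; constructed path, must not exist
    ;; start-safe runs first so the port is still available to start-leaky.
    (doseq [[label start] [["safe " start-safe] ["leaky" start-leaky]]]
      (try (start port missing)
           (catch Exception e
             (println label "init failed:" (.getName (class e)))))
      (println label "port free after failure?" (port-free? port)))))

(demo)
```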
Good catch. I am on the move atm; a PR would be very welcome!
Can't send you a PR for at least a month... I'm behind some stupid enterprise security.
I found some more problems with this. If you use SSL, you HAVE to have an HTTP port as well. If you use SSL but don't want to expose the HTTP you're in trouble?