do not keep the httpChannelInitializer in the netty client

net-http-client-netty-secure/src/main/java/org/xbib/net/http/client/netty/secure/http1/Https1ChannelInitializer.java

@@ -24,7 +24,6 @@ import io.netty.handler.timeout.ReadTimeoutHandler;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.InetSocketAddress;
-import java.security.Provider;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -114,6 +113,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
         ChannelPipeline pipeline = channel.pipeline();
         try {
             SslHandler sslHandler = createSslHandler(nettyHttpClientConfig, httpAddress);
+            logger.log(Level.FINEST, "new SslHandler created = " + sslHandler);
             channel.attr(NettyHttpsClientConfig.ATTRIBUTE_KEY_SSL_HANDLER).set(sslHandler);
             pipeline.addLast("client-ssl-handler", sslHandler);
         } catch (IOException e) {
@@ -149,7 +149,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
         ClientSecureSocketProvider clientSecureSocketProvider = null;
         for (ClientSecureSocketProvider provider : ServiceLoader.load(ClientSecureSocketProvider.class)) {
             if (logger.isLoggable(Level.FINEST)) {
-                logger.log(Level.FINEST, "trying secure socket provider = " + provider.name());
+                logger.log(Level.FINEST, "trying secure socket provider = " + provider);
             }
             if (nettyHttpClientConfig.getSecureSocketProviderName().equals(provider.name())) {
                 sslContextBuilder.sslProvider(provider.sslProvider(httpAddress))
@@ -161,8 +161,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
                             ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
                 }
                 if (provider.securityProvider(httpAddress) != null) {
-                    Provider p = provider.securityProvider(httpAddress);
-                    sslContextBuilder.sslContextProvider(p);
+                    sslContextBuilder.sslContextProvider(provider.securityProvider(httpAddress));
                 }
                 if (nettyHttpClientConfig.getTrustManagerFactory() != null) {
                     sslContextBuilder.trustManager(nettyHttpClientConfig.getTrustManagerFactory());
@@ -178,6 +177,9 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
         params.setEndpointIdentificationAlgorithm("HTTPS");
         List<SNIServerName> sniServerNames = new ArrayList<>();
         sniServerNames.add(new SNIHostName(httpAddress.getHost())); // only single host_name allowed
+        if (logger.isLoggable(Level.FINEST)) {
+            logger.log(Level.FINEST, "SNI server names = " + sniServerNames);
+        }
         params.setServerNames(sniServerNames);
         engine.setSSLParameters(params);
         switch (nettyHttpClientConfig.getClientAuthMode()) {
@@ -196,20 +198,21 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
         if (nettyHttpClientConfig.getSecureProtocolName() != null) {
             String[] enabledProtocols = nettyHttpClientConfig.getSecureProtocolName();
             engine.setEnabledProtocols(enabledProtocols);
-            logger.log(Level.FINEST, "TLS: configured protocol = " +
+            if (logger.isLoggable(Level.FINEST)) {
+                logger.log(Level.FINEST, "configured TLS protocols = " +
                         Arrays.asList(nettyHttpClientConfig.getSecureProtocolName()));
             }
+        }
         sslHandler.setHandshakeTimeoutMillis(nettyHttpClientConfig.getSocketConfig().getSslHandshakeTimeoutMillis());
         if (logger.isLoggable(Level.FINEST)) {
             logger.log(Level.FINEST, "TLS: selected secure socket provider = " +
-                    (clientSecureSocketProvider != null ? clientSecureSocketProvider.name() : "<none>"));
-            logger.log(Level.FINEST, "TLS:" +
+                            (clientSecureSocketProvider != null ? clientSecureSocketProvider.name() : "<none>") +
                     " enabled protocols = " + Arrays.asList(engine.getEnabledProtocols()) +
                     " supported protocols = " + Arrays.asList(engine.getSupportedProtocols()) +
                     " application protocol = " + engine.getApplicationProtocol() +
-                    " handshake application protocol = " + engine.getHandshakeApplicationProtocol());
-            logger.log(Level.FINEST, "TLS: client need auth = " +
-                    engine.getNeedClientAuth() + " client want auth = " + engine.getWantClientAuth());
+                    " handshake application protocol = " + engine.getHandshakeApplicationProtocol() +
+                    " client need auth = " + engine.getNeedClientAuth() +
+                    " client want auth = " + engine.getWantClientAuth());
         }
         return sslHandler;
     }

net-http-client-netty/src/main/java/org/xbib/net/http/client/netty/NettyHttpClient.java

@@ -37,8 +37,6 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
 
     private final AtomicBoolean closed;
 
-    private HttpChannelInitializer httpChannelInitializer;
-
     private Pool pool;
 
     private final List<Interaction> interactions;
@@ -50,7 +48,6 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
         this.eventLoopGroup = eventLoopGroup;
         this.bootstrap = bootstrap;
         this.closed = new AtomicBoolean(false);
-        this.httpChannelInitializer = builder.httpChannelInitializer;
         createBoundedPool(builder.nettyHttpClientConfig, bootstrap);
         this.interactions = new CopyOnWriteArrayList<>();
     }
@@ -171,8 +168,7 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
         if (closed.compareAndSet(false, true)) {
             try {
                 for (Interaction interaction : interactions) {
-                    logger.log(Level.FINER, "waiting for unfinshed interaction " + interaction);
-                    //interaction.get();
+                    logger.log(Level.FINER, "waiting for unfinished interaction " + interaction);
                     interaction.close();
                 }
                 if (hasPooledNodes()) {
@@ -207,18 +203,16 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
 
 
     /**
+     * Always create a new channel initializer because the HTTP address is implanted into
+     * a possible SSL handler for DNS subject alternative name resolution.
      * The lookup here needs to be thread-safe.
      * @param httpAddress the HTTP address for the channel initializer to look up.
      * @return the channel initializer
      */
     private HttpChannelInitializer lookupChannelInitializer(HttpAddress httpAddress) {
-        if (httpChannelInitializer != null || httpAddress == null) {
-            return httpChannelInitializer;
-        }
         synchronized (this) {
             for (HttpChannelInitializer initializer : ServiceLoader.load(HttpChannelInitializer.class)) {
                 if (initializer.supports(httpAddress)) {
-                    httpChannelInitializer = initializer;
                     return initializer;
                 }
             }