Bump Netty to 4.1.69.Final

[omarsmak]

This is related to this PR #20619.

Now Netty 4.1.69.Final has been officially released, thus the update is possible

[omarsmak]

I see this test is failing in the CI:

[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running io.quarkus.it.rest.client.wronghost.ExternalWrongHostIT
Executing "/home/runner/work/quarkus/quarkus/integration-tests/rest-client/target/quarkus-integration-test-rest-client-999-SNAPSHOT-runner -Dquarkus.http.port=8081 -Dquarkus.http.ssl-port=8444 -Dtest.url=http://localhost:8081 -Dquarkus.log.file.path=/home/runner/work/quarkus/quarkus/integration-tests/rest-client/target/quarkus.log -Dquarkus.log.file.enable=true -Dquarkus.tls.trust-all=true -Dwrong-host/mp-rest/hostnameVerifier=io.quarkus.restclient.NoopHostnameVerifier -Dwrong-host/mp-rest/trustStore=/home/runner/work/quarkus/quarkus/integration-tests/rest-client/wrong-host -Dwrong-host/mp-rest/trustStorePassword=changeit"
__  ____  __  _____   ___  __ ____  ______ 
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/ 
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \   
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/   
2021-10-12 09:23:42,434 WARN  [io.qua.run.con.ConfigRecorder] (main) Build time property cannot be changed at runtime:
 - quarkus.tls.trust-all was 'false' at build time and is now 'true'
2021-10-12 09:23:42,439 INFO  [io.quarkus] (main) quarkus-integration-test-rest-client 999-SNAPSHOT native (powered by Quarkus 999-SNAPSHOT) started in 0.028s. Listening on: http://0.0.0.0:8081
2021-10-12 09:23:42,439 INFO  [io.quarkus] (main) Profile prod activated. 
2021-10-12 09:23:42,439 INFO  [io.quarkus] (main) Installed features: [cdi, micrometer, rest-client, resteasy, smallrye-context-propagation, smallrye-fault-tolerance, vertx]
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 10.046 s - in io.quarkus.it.rest.client.wronghost.ExternalWrongHostIT
[INFO] Running io.quarkus.it.rest.client.MultipartResourceIT
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.104 s - in io.quarkus.it.rest.client.MultipartResourceIT
[INFO] Running io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedITCase
Error:  WARNING: An illegal reflective access operation has occurred
Error:  WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v9.Java9 (file:/home/runner/.m2/repository/org/codehaus/groovy/groovy/3.0.8/groovy-3.0.8.jar) to constructor java.lang.AssertionError(java.lang.String)
Error:  WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v9.Java9
Error:  WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Error:  WARNING: All illegal access operations will be denied in a future release
2021-10-12 09:23:46,794 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (executor-thread-1) HTTP Request to /self-signed/java failed, error id: ca7c5ead-5aab-4ea8-a355-99aa144d679e-1: org.jboss.resteasy.spi.UnhandledException: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: sun.security.validator.ValidatorException: TrustAnchor with subject "CN=*.badssl.com, O=BadSSL, L=San Francisco, ST=California, C=US" is not a CA certificate
	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:106)
	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:372)
	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:218)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:519)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
	at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
	at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
	at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:135)
	at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler$1.run(VertxRequestHandler.java:90)
	at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
	at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
	at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
	at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.lang.Thread.run(Thread.java:829)
	at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:567)
	at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:192)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: sun.security.validator.ValidatorException: TrustAnchor with subject "CN=*.badssl.com, O=BadSSL, L=San Francisco, ST=California, C=US" is not a CA certificate
	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426)
	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:572)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334)
	at io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedResource.doGetCipher(ExternalSelfSignedResource.java:53)
	at io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedResource.invokeJavaURLWithDefaultTruststore(ExternalSelfSignedResource.java:44)
	at io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedResource_Subclass.invokeJavaURLWithDefaultTruststore$$superforward1(ExternalSelfSignedResource_Subclass.zig:122)
	at io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedResource_Subclass$$function$$1.apply(ExternalSelfSignedResource_Subclass$$function$$1.zig:24)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:54)
	at io.quarkus.resteasy.runtime.QuarkusRestPathTemplateInterceptor.restMethodInvoke(QuarkusRestPathTemplateInterceptor.java:31)
	at io.quarkus.resteasy.runtime.QuarkusRestPathTemplateInterceptor_Bean.intercept(QuarkusRestPathTemplateInterceptor_Bean.zig:323)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedResource_Subclass.invokeJavaURLWithDefaultTruststore(ExternalSelfSignedResource_Subclass.zig:193)
	at java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
	at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
	... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: sun.security.validator.ValidatorException: TrustAnchor with subject "CN=*.badssl.com, O=BadSSL, L=San Francisco, ST=California, C=US" is not a CA certificate
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:369)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:275)
	at sun.security.validator.Validator.validate(Validator.java:264)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
	... 57 more
Caused by: sun.security.validator.ValidatorException: TrustAnchor with subject "CN=*.badssl.com, O=BadSSL, L=San Francisco, ST=California, C=US" is not a CA certificate
	at sun.security.validator.PKIXValidator.verifyTrustAnchor(PKIXValidator.java:393)
	at sun.security.validator.PKIXValidator.toArray(PKIXValidator.java:333)
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:366)
	... 63 more

Error:  Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 1.735 s <<< FAILURE! - in io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedITCase
Error:  io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedITCase.should_accept_self_signed_certs_java_url  Time elapsed: 1.277 s  <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <500>.

However, I see it also failing in this PR: #20668

[gsmet]

Yeah, don't worry about this test.

[quarkus-bot]

This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building 9df8bae

Status	Name	Step	Failures	Logs	Raw logs
✖	JVM Tests - JDK 11	Build	Failures	Logs	Raw logs
✖	JVM Tests - JDK 11 Windows	Build	⚠️ Check →	Logs	Raw logs
✖	JVM Tests - JDK 17	Build	⚠️ Check →	Logs	Raw logs
✖	Native Tests - HTTP	Build	Failures	Logs	Raw logs

Full information is available in the Build summary check run.

⚠️ Errors occurred while downloading the build reports. This report is incomplete.

Failures

⚙️ JVM Tests - JDK 11 #

- Failing: integration-tests/rest-client 

📦 integration-tests/rest-client

✖ io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedTestCase.should_accept_self_signed_certs_java_url line 29 - More details - Source on GitHub

java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <500>.

---

⚙️ Native Tests - HTTP #

- Failing: integration-tests/rest-client 

📦 integration-tests/rest-client

✖ io.quarkus.it.rest.client.selfsigned.ExternalSelfSignedITCase.should_accept_self_signed_certs_java_url - More details - Source on GitHub

java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <500>.

[omarsmak]

cc @gsmet @cescoffier

[gsmet]

I rebased to get the latest CI fixes.

@cescoffier I'll let you decide if/when you want this one.

[quarkus-bot]

Failing Jobs - Building 396e984

Status	Name	Step	Failures	Logs	Raw logs
✖	Devtools Tests - JDK 11 Windows		⚠️ Check →	Logs	Raw logs
✖	Gradle Tests - JDK 11 Windows		⚠️ Check →	Logs	Raw logs
✔️	JVM Tests - JDK 11
✖	JVM Tests - JDK 11 Windows		⚠️ Check →	Logs	Raw logs
✔️	JVM Tests - JDK 17
✖	Maven Tests - JDK 11 Windows		⚠️ Check →	Logs	Raw logs

[cescoffier]

Seems to be ok.
From https://netty.io/news/2021/10/11/4-1-69-Final.html, I'm wondering what issue you encountered? TCNative should not be used in Java 11+.

[ppalaga]

TCNative should not be used in Java 11+.

Thanks for the hint, @cescoffier! Let's us try to eliminate netty-tcnative-boringssl-static in Camel Quarkus.

[omarsmak]

Seems to be ok. From https://netty.io/news/2021/10/11/4-1-69-Final.html, I'm wondering what issue you encountered? TCNative should not be used in Java 11+.

Indeed, that is actually a good tip! I will check why do we require TCNative in Java 11+.