-
Type:
Bug
-
Status: Closed
-
Priority:
P2
-
Resolution: Fixed
-
Affects Version/s: 11
-
Fix Version/s: 11
-
Component/s: security-libs
-
Subcomponent:
-
Introduced In Build:b20
-
Introduced In Version:
-
Resolved In Build:b22
-
CPU:x86_64
-
OS:linux
-
Verification:Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8207095 | 12 | Sibabrata Sahoo | P2 | Resolved | Fixed | b03 |
| JDK-8207446 | 11.0.2 | Sibabrata Sahoo | P2 | Resolved | Fixed | b01 |
| JDK-8207556 | 11.0.1 | Sibabrata Sahoo | P2 | Resolved | Fixed | b02 |
ADDITIONAL SYSTEM INFORMATION :
java version "11-ea" 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11-ea+20)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11-ea+20, mixed mode)
A DESCRIPTION OF THE PROBLEM :
Starting with 11-ea+20, SSLSessionImpl.getLocalPrincipal() throws a NullPointerException when localCerts is null. This breaks widely used HTTP clients such as Apache HttpComponents.
REGRESSION : Last worked in version 11
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute any code that uses sun.security.ssl.SSLSessionImpl but does not use any local certs and call getLocalPrincipal().
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The method returns null.
ACTUAL -
The method throws a NullPointerException.
---------- BEGIN SOURCE ----------
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class Main {
public static void main(String[] args) throws Exception {
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("docs.oracle.com", 443);
System.out.println(socket.getSession().getLocalPrincipal());
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Users could catch NullPointerException, but it clearly contradicts the Javadoc and used to work up to 11-ea+19.
FREQUENCY : always
java version "11-ea" 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11-ea+20)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11-ea+20, mixed mode)
A DESCRIPTION OF THE PROBLEM :
Starting with 11-ea+20, SSLSessionImpl.getLocalPrincipal() throws a NullPointerException when localCerts is null. This breaks widely used HTTP clients such as Apache HttpComponents.
REGRESSION : Last worked in version 11
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute any code that uses sun.security.ssl.SSLSessionImpl but does not use any local certs and call getLocalPrincipal().
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The method returns null.
ACTUAL -
The method throws a NullPointerException.
---------- BEGIN SOURCE ----------
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class Main {
public static void main(String[] args) throws Exception {
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("docs.oracle.com", 443);
System.out.println(socket.getSession().getLocalPrincipal());
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Users could catch NullPointerException, but it clearly contradicts the Javadoc and used to work up to 11-ea+19.
FREQUENCY : always
- backported by
-
JDK-8207095 SSLSessionImpl.getLocalPrincipal() throws NPE
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
-
-
- Open
-