- Bug
- Resolution: Done
- Critical
Coverity found a possible NPE occurrence: according to the javadoc, SSLSession().getLocalCertificates() may return null [1], but X500.asX509CertificateArray can't consume a null parameter, and an NPE will be thrown in that case.
ServerAuthenticationContext.java
    } else if (callback instanceof SSLCallback) {
        SSLCallback sslCallback = (SSLCallback) callback;
        try {
            peerCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getPeerCertificates());
        } catch (SSLPeerUnverifiedException e) {
            log.trace("Peer unverified", e);
            peerCerts = null;
        }
        serverCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getLocalCertificates());
        handleOne(callbacks, idx + 1);
    }
[1] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSession.html#getLocalCertificates--
- clones JBEAP-11925 Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron) - Closed