Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-2502

HttpsHostVerifier detection fails with NPE with JSSE missing

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • JBossAS-3.2.8RC1
    • JBossAS-3.2.7 Final
    • Remoting
    • None

      The HTTPS host verifier detection is causing NPEs when JSSE is missing.
      Even if the user is not using HTTPS.

      This will log a warning and leave the class as null

      // Determine the type of the HttpsURLConnection in this runtime
      ClassLoader loader = Thread.currentThread().getContextClassLoader();
      try

      { // First look for the JDK 1.4 JSSE Https connection httpsConnClass = loader.loadClass("javax.net.ssl.HttpsURLConnection"); log.debug("httpsConnClass: " + httpsConnClass); }

      catch (Exception e)
      {
      // Next try the JSSE external dist Https connection
      try

      { httpsConnClass = loader.loadClass("com.sun.net.ssl.HttpsURLConnection"); log.debug("httpsConnClass: " + httpsConnClass); }

      catch (Exception e2)

      { log.warn("No HttpsURLConnection seen"); }

      }

      This will throw an NPE

      boolean isHttpsConn = httpsConnClass.isAssignableFrom(conn.getClass());
      if (isHttpsConn)
      {
      // See if the org.jboss.security.ignoreHttpsHost property is set
      if (Boolean.getBoolean(IGNORE_HTTPS_HOST) == true)

      { AnyhostVerifier.setHostnameVerifier(conn); }

      }

              adrian.brock Adrian Brock (Inactive)
              adrian.brock Adrian Brock (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: