Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-2502

HttpsHostVerifier detection fails with NPE with JSSE missing

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • JBossAS-3.2.8RC1
    • JBossAS-3.2.7 Final
    • Remoting
    • None

    Description

      The HTTPS host verifier detection is causing NPEs when JSSE is missing.
      Even if the user is not using HTTPS.

      This will log a warning and leave the class as null

      // Determine the type of the HttpsURLConnection in this runtime
      ClassLoader loader = Thread.currentThread().getContextClassLoader();
      try

      { // First look for the JDK 1.4 JSSE Https connection httpsConnClass = loader.loadClass("javax.net.ssl.HttpsURLConnection"); log.debug("httpsConnClass: " + httpsConnClass); }

      catch (Exception e)
      {
      // Next try the JSSE external dist Https connection
      try

      { httpsConnClass = loader.loadClass("com.sun.net.ssl.HttpsURLConnection"); log.debug("httpsConnClass: " + httpsConnClass); }

      catch (Exception e2)

      { log.warn("No HttpsURLConnection seen"); }

      }

      This will throw an NPE

      boolean isHttpsConn = httpsConnClass.isAssignableFrom(conn.getClass());
      if (isHttpsConn)
      {
      // See if the org.jboss.security.ignoreHttpsHost property is set
      if (Boolean.getBoolean(IGNORE_HTTPS_HOST) == true)

      { AnyhostVerifier.setHostnameVerifier(conn); }

      }

      Attachments

        Activity

          People

            adrian.brock Adrian Brock (Inactive)
            adrian.brock Adrian Brock (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: