- Bug
- Resolution: Done
- Critical
- 7.1.0.ER1
- None
Coverity found a possible NPE occurrence: according to the Javadoc, SSLSession().getLocalCertificates() may return null [1], but X500.asX509CertificateArray can't consume a null parameter, and an NPE will be thrown in that case.
ServerAuthenticationContext.java
    } else if (callback instanceof SSLCallback) {
        SSLCallback sslCallback = (SSLCallback) callback;
        try {
            peerCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getPeerCertificates());
        } catch (SSLPeerUnverifiedException e) {
            log.trace("Peer unverified", e);
            peerCerts = null;
        }
        serverCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getLocalCertificates());
        handleOne(callbacks, idx + 1);
    }
[1] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSession.html#getLocalCertificates--
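
A minimal reproduction of the null case described above, with one way to guard it. This is an added example, not Elytron's code or its actual fix. The local `asX509CertificateArray` stand-in, `localCertsOrNull` and the class name are hypothetical, and the session is a constructed proxy.

```java
import java.lang.reflect.Proxy;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSession;

public class LocalCertsNullGuard {

    // Stand-in for X500.asX509CertificateArray (assumption: like the method in the
    // report, it dereferences its argument and so throws an NPE when given null).
    static X509Certificate[] asX509CertificateArray(Certificate[] certs) {
        X509Certificate[] out = new X509Certificate[certs.length]; // NPE if certs == null
        for (int i = 0; i < certs.length; i++) {
            out[i] = (X509Certificate) certs[i];
        }
        return out;
    }

    // Hypothetical guard: keep "no local certificates" as null instead of converting it.
    static X509Certificate[] localCertsOrNull(SSLSession session) {
        Certificate[] local = session.getLocalCertificates();
        return local == null ? null : asX509CertificateArray(local);
    }

    public static void main(String[] args) {
        // Constructed session: a proxy whose getLocalCertificates() returns null,
        // the value the SSLSession Javadoc documents when no certificates were sent.
        SSLSession session = (SSLSession) Proxy.newProxyInstance(
                SSLSession.class.getClassLoader(),
                new Class<?>[] { SSLSession.class },
                (proxy, method, methodArgs) -> null);

        // Unguarded call, same shape as the serverCerts assignment in the report.
        try {
            asX509CertificateArray(session.getLocalCertificates());
            System.out.println("unguarded: no exception");
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException");
        }

        // Guarded call: the null is carried through, so the caller has to handle
        // a null serverCerts just as it already handles a null peerCerts.
        X509Certificate[] serverCerts = localCertsOrNull(session);
        System.out.println("guarded: serverCerts == null is " + (serverCerts == null));
    }
}
```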
- is cloned by
  - ELY-1278 Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron) - Resolved
- is incorporated by
  - JBEAP-12265 Upgrade WildFly Elytron to 1.1.0.CR3 - Closed
- is related to
  - JBEAP-11396 Elytron - *-PLUS SASL mechanisms don't work - part of channel binding integration seems to be missing - Closed