United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6514454 A NullPointerException is throw when HTTPS connection is established
JDK-6514454 : A NullPointerException is throw when HTTPS connection is established

Details
Type:
Bug
Submit Date:
2007-01-18
Status:
Closed
Updated Date:
2011-03-08
Project Name:
JDK
Resolved Date:
2011-03-08
Component:
deploy
OS:
windows_xp
Sub-Component:
webstart
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
6,6u1,6u2
Fixed Versions:

Related Reports
Backport:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When an application started with JWS tries to establish a HTTPS connection, a NullPointerException is thrown. I have found out, that the bug only occurs, if you specify a custom HostnameVerifier.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
javax.net.ssl.SSLException: java.lang.NullPointerException
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
	at de.igel.rm.ServerConnection.connect(ServerConnection.java:1400)
	at de.igel.rm.ServerConnection.getServerVersion(ServerConnection.java:431)
	at de.igel.rm.gui.MainFrame$ConnectThread.work(MainFrame.java:914)
	at de.igel.util.WorkerThread.run(WorkerThread.java:32)
Caused by: java.lang.NullPointerException
	at com.sun.deploy.security.X509ExtendedDeployTrustManager.isSupportedAlgorithm(Unknown Source)
	at com.sun.deploy.security.X509ExtendedDeployTrustManager.checkServerTrusted(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	... 10 more

---------- BEGIN SOURCE ----------
package de.igel;

import javax.net.ssl.*;
import java.net.URL;
import java.io.InputStream;
import java.io.IOException;
 
public class HttpsTest
{
    public static final String httpsUrl = "https://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo"  ;
    public static void main( String[] args )
    {
        HttpsURLConnection.setDefaultHostnameVerifier( new NoHostnameVerify() );
         try
        {
            URL u = new URL( httpsUrl );
            HttpsURLConnection con = (HttpsURLConnection)u.openConnection();
            InputStream in = con.getInputStream();
            int c = 0;
            while( ( c = in.read() ) != -1 )
            {
                System.out.print( (char)c );
            }
        }
        catch( IOException e )
        {
            e.printStackTrace();
        }
     }
}
 
class NoHostnameVerify implements HostnameVerifier
{
    public boolean verify(String parm1, SSLSession parm2)
    {
        return true;
    }
}
 
I have used the following JNLP descriptor:
 
<jnlp spec="1.0+" codebase="http://localhost:8080/" href="http://localhost:8080/test/httpstest.jnlp">
  <information>
    <title>HTTPS test</title>
    <vendor>IGEL Technology GmbH</vendor>
    <homepage href="http://www.igel.de"/>
    <description>Trys to open a HTTPS connection</description>
    <offline-allowed/>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <j2se href="http://java.sun.com/products/autodl/j2se" version="1.5+"/>
    <jar href="http://localhost:8080/test/test.jar" download="eager"/>
  </resources>
  <application-desc main-class="de.igel.HttpsTest"/>
</jnlp>
---------- END SOURCE ----------

REPRODUCIBILITY :
This bug can be reproduced always.

                                    

Comments
EVALUATION

I have identify some issue in our code, which is only apply to JDK 6, fix in progress.
                                     
2007-05-22



Hardware and Software, Engineered to Work Together