JDK-8206355 : SSLSessionImpl.getLocalPrincipal() throws NPE
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: linux
  • CPU: x86_64
  • Submitted: 2018-07-04
  • Updated: 2020-11-23
  • Resolved: 2018-07-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 8 Other
11 b22Fixed 8u261Fixed openjdk8u272Fixed
Related Reports
Relates :  
Relates :  
Description
ADDITIONAL SYSTEM INFORMATION :
java version "11-ea" 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11-ea+20)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11-ea+20, mixed mode)

A DESCRIPTION OF THE PROBLEM :
Starting with 11-ea+20, SSLSessionImpl.getLocalPrincipal() throws a NullPointerException when localCerts is null. This breaks widely used HTTP clients such as Apache HttpComponents.

REGRESSION : Last worked in version 11

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute any code that uses sun.security.ssl.SSLSessionImpl but does not use any local certs and call getLocalPrincipal().


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The method returns null.
ACTUAL -
The method throws a NullPointerException.

---------- BEGIN SOURCE ----------
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class Main {
    public static void main(String[] args) throws Exception {
        SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("docs.oracle.com", 443);
        System.out.println(socket.getSession().getLocalPrincipal());
    }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Users could catch NullPointerException, but it clearly contradicts the Javadoc and used to work up to 11-ea+19.

FREQUENCY : always



Comments
Submitter's comment - This issue is not only affecting JUnit but also Gradle which no longer works on the 11-ea build.
04-07-2018

From Submitter: It will be from this code piece: 660 public Principal getLocalPrincipal() { 661 return ((localCerts == null && localCerts.length != 0) ? null : 662 localCerts[0].getSubjectX500Principal()); 663 } rather it should be : ((localCerts == null || localCerts.length == 0)
04-07-2018