JDK-5067458 : Loopback SSLSocketImpl createSocket is throwing an exception.
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 1.4.2
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2004-06-23
  • Updated: 2016-04-29
  • Resolved: 2011-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u115Fixed 7 b50Fixed
Description
i've been looking at a bug filed against J2ME CDC Security Optional
Package and, while developing a test case, i ran onto behavior
which seems to me to be a bug, but i wanted to check with you guys
first.

i'm attaching an example. in essence, i do this:

            SocketFactory f = SocketFactory.getDefault();
            Socket s = f.createSocket( (String)null, 8080 );

and i create a loopback socket, as per the spec for java.net.Socket.
the createSocket() call throws an exception, but it's an
IOException which indicates "Connection refused" because i don't
have anything listening on that socket. no problem there. however,
then i do this:

            SSLSocketFactory f =
        (SSLSocketFactory)SSLSocketFactory.getDefault();
            SSLSocket s = (SSLSocket)f.createSocket( (String)null,
                                                     8080 );

and i get an IllegalArgumentException from java.net.InetSocketAddress
saying that an InetSocketAddress can't be created with a null
hostname. since SSLSocket extends socket, and the spec doesn't
mention any change in behavior, i would expect to get the same
loopback behavior and another "Connection refused" exception.

if i run another example which subclasses SSLSocket directly
and passes a null hostname, i do seem to get a loopback socket
and a "Connection refused" exception, so the problem only seems
to arise with the default SSLSocketImpl that comes with J2SE.

i've tried this first with the CDC SecOP CVM, and then with J2SE
1.4.2 on solaris and linux, and a beta of J2SE 1.5.0. the behavior
remains consistent. am i misunderstanding something here, or is
this a bug? i took a quick look in bugtraq but didn't see anything
right away which seemed related to this, so i wanted to check to
see if this was a known problem, or indeed isn't a problem for some
reason.
Comments
EVALUATION You're probably the first one to ever try a loopback on SSL. :) Yes, I expect that would be a bug. We should be checking for null hostname string, and if so, use "localhost" (or something similar). I'd like to double check with the network team, but I'm pretty sure this should have the same behaviour, and thus am filing this bug on their behalf. Check all instances of createSocket to see if there are any other nulls which should have this behaviour. ###@###.### 2004-06-23
23-06-2004