JDK-6514454 : A NullPointerException is throw when HTTPS connection is established
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 6,6u1,6u2
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2007-01-18
  • Updated: 2011-03-08
  • Resolved: 2011-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u4Fixed 7 b16Fixed
Related Reports
Duplicate :  
JDK-6547437 - REGRESSION:Client authenticated SSL sessions in 6.0 do not renegotiate
Duplicate :  
JDK-6563297 - X509ExtendedDeployTrustManager NullPointerException
Duplicate :  
JDK-2149424 - REGRESSION:Client authenticated SSL sessions in 6.0 do not renegotiate
Duplicate :  
JDK-6708421 - SSLException: Received fatal alert, thrown when accessing SSL service by Oracle
Duplicate :  
JDK-6635806 - NullPointerException after accept prompt to allow applet to run
Relates :  
JDK-6596946 - Using org.apache.commons.httpclient.* cause SunCertPathBuilderException
Description
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When an application started with JWS tries to establish a HTTPS connection, a NullPointerException is thrown. I have found out, that the bug only occurs, if you specify a custom HostnameVerifier.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
javax.net.ssl.SSLException: java.lang.NullPointerException
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
	at de.igel.rm.ServerConnection.connect(ServerConnection.java:1400)
	at de.igel.rm.ServerConnection.getServerVersion(ServerConnection.java:431)
	at de.igel.rm.gui.MainFrame$ConnectThread.work(MainFrame.java:914)
	at de.igel.util.WorkerThread.run(WorkerThread.java:32)
Caused by: java.lang.NullPointerException
	at com.sun.deploy.security.X509ExtendedDeployTrustManager.isSupportedAlgorithm(Unknown Source)
	at com.sun.deploy.security.X509ExtendedDeployTrustManager.checkServerTrusted(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	... 10 more

---------- BEGIN SOURCE ----------
package de.igel;

import javax.net.ssl.*;
import java.net.URL;
import java.io.InputStream;
import java.io.IOException;
 
public class HttpsTest
{
    public static final String httpsUrl = "https://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo"  ;
    public static void main( String[] args )
    {
        HttpsURLConnection.setDefaultHostnameVerifier( new NoHostnameVerify() );
         try
        {
            URL u = new URL( httpsUrl );
            HttpsURLConnection con = (HttpsURLConnection)u.openConnection();
            InputStream in = con.getInputStream();
            int c = 0;
            while( ( c = in.read() ) != -1 )
            {
                System.out.print( (char)c );
            }
        }
        catch( IOException e )
        {
            e.printStackTrace();
        }
     }
}
 
class NoHostnameVerify implements HostnameVerifier
{
    public boolean verify(String parm1, SSLSession parm2)
    {
        return true;
    }
}
 
I have used the following JNLP descriptor:
 
<jnlp spec="1.0+" codebase="http://localhost:8080/" href="http://localhost:8080/test/httpstest.jnlp">
  <information>
    <title>HTTPS test</title>
    <vendor>IGEL Technology GmbH</vendor>
    <homepage href="http://www.igel.de"/>
    <description>Trys to open a HTTPS connection</description>
    <offline-allowed/>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <j2se href="http://java.sun.com/products/autodl/j2se" version="1.5+"/>
    <jar href="http://localhost:8080/test/test.jar" download="eager"/>
  </resources>
  <application-desc main-class="de.igel.HttpsTest"/>
</jnlp>
---------- END SOURCE ----------

REPRODUCIBILITY :
This bug can be reproduced always.
Comments
EVALUATION I have identify some issue in our code, which is only apply to JDK 6, fix in progress.
22-05-2007