https://bz.apache.org/bugzilla/show_bug.cgi?id=62032

--- Comment #4 from Coty Sutherland <csuth...@apache.org> ---
(In reply to Mark Thomas from comment #3)
> We should check that the behaviour is consistent for:
> - no keystore or PEM file specified

This behaves the same as the bugzilla description (throws an NPE).

> - keystore specified but file does not exist

SSLUtilBase.getStore() throws a FNFE with a nice message and stack trace which
is logged again by StandardService.initInternal() when the Connector fails to
init. I think we should remove the stack trace from SSLUtilBase.getStore()'s
log message (or maybe make it debug?) and keep the message so that the stack is
only printed once for the exception here.

> - PEM file specified but file does not exist

This one behaves really weirdly. Two (duplicate) warning messages are logged at
the same time from SSLHostConfig.adjustRelativePath() stating that the PEM file
does not exist. Then another warning from OpenSSLContext.init() saying that it
can't init the SSL context because there's no such file...but, the Connector
init doesn't fail and it binds as usual (albeit unusable). When you try and
access the Connector over https it gets rejected and the following is logged:

SEVERE [https-openssl-nio-8443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
 java.lang.Exception: cannot create new ssl
    at org.apache.tomcat.jni.SSL.newSSL(Native Method)
    at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<init>(OpenSSLEngine.java:213)
    at org.apache.tomcat.util.net.openssl.OpenSSLContext.createSSLEngine(OpenSSLContext.java:514)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:162)
    ....

If you try the Connector over http, you'll get a 400 status response with a
"Bad Request" body.

I think all of these scenarios should be consistent experiences and behave like
scenario two above (throw a FNFE), with the amendment of only dumping the stack
once per exception.
