Configuring SSL connector in Tomcat 9 throws NullPointerException

Question

While I can see Tomcat's splash page on localhost:8080, I am having problems to get a JSSE Connector to work. I am using Tomcat 9.0.2 on JDK 9.0.1 on Ubuntu 16.04.

My connector is:

However, when on the browser I go to localhost:8443, I see the following:

On Firefox: "The connection was reset. The connection to the server was reset while the page was loading."

On Chromium: "This page isn’t working. localhost didn’t send any data. ERR_EMPTY_RESPONSE"

I see that the keystore file is being correctly read. When I do:

openssl s_client -debug -connect localhost:8443

the output is the following:

CONNECTED(00000003)
write to 0xb9f0b0 [0xb9fdb0] (305 bytes => 305 (0x131))
...
depth=0 C = EC, ST = mystate, L = mycity, O = myorg, OU = myou, CN = my name
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EC, ST = mystate, L = mycity, O = myorg, OU = myou, CN = my name
verify return:1
...
Certificate chain
 0 s:/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
   i:/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
issuer=/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1353 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 65D77EF99F8E4E7D145ABC005CCBFAA283533280995D7203A0220A6C1D11B9D4
    Session-ID-ctx: 
    Master-Key: 5B2734E8A9EC21DE0090F2AC288A3D6E872FB292455B6F9FF84963D77F745D2E2E627D2A4358AE4A65F89B8EA123571A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515167322
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

In the catalina.out log file, I find that whenever I try to access through the browser localhost:8443, NPEs occur:

05-Jan-2018 08:48:06.848 SEVERE [https-jsse-nio-8443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
 java.lang.NullPointerException
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:180)
        at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:325)
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1353)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:844)

This exception repeats 10 times where the only difference across repeats is the substring "exec-" in the first line, where NUMBER ranges from 1 to 10 (in the example above, it was 1).

Why the doRun method throws an NPE is a mystery for me. I have tried many config combinations, to no avail. What's wrong?

csutherl · Accepted Answer

This issue was addressed by https://bz.apache.org/bugzilla/show_bug.cgi?id=61914 and will be resolved in Tomcat 9.0.3+.

A null check was added to o.a.t.util.net.AbstractJsseEndpoint.createSSLEngine(), line 180, to rectify a potential NPE when using Java 9.

Configuring SSL connector in Tomcat 9 throws NullPointerException

Answers (1)

Related Questions