-
Bug
-
Resolution: Fixed
-
P4
-
9, 10, 11
-
x86_64
-
linux
FULL PRODUCT VERSION :
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux xxx 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 6.7 (Final)
A DESCRIPTION OF THE PROBLEM :
The SSL server certificate used at 'https://blogs.oracle.com/' contains the IP address in neither the subject DN nor the subject alternative name.
Therefore, the TLS handshake is expected to fail if an IP address is specified as the target host.
I believe javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm("HTTPS") enables the hostname verification function on SSLSocket, so I expect an SSLException to be thrown; instead, a RuntimeException caused by a NullPointerException is thrown.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the code attached under 'Source code for an executable test case:' on JDK/JRE 9.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An exception indicating that the TLS handshake failed, such as 'SSLException: hostname in certificate didn't match', is thrown at 'HttpClient#send()'.
ACTUAL -
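An exception that does not indicate a TLS handshake failure is thrown: a RuntimeException whose cause is a NullPointerException raised under HostnameChecker.isIpAddress (see the stack trace below).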
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.RuntimeException: Delegated task threw Exception/Error
at java.base/sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1594)
at java.base/sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:497)
at java.base/sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:745)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:680)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.unwrapBuffer(AsyncSSLDelegate.java:476)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:395)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeImpl(AsyncSSLDelegate.java:294)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeNow(AsyncSSLDelegate.java:262)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.connect(AsyncSSLDelegate.java:233)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLConnection.connect(AsyncSSLConnection.java:78)
at jdk.incubator.httpclient/jdk.incubator.http.Http2Connection.<init>(Http2Connection.java:272)
at jdk.incubator.httpclient/jdk.incubator.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:108)
at jdk.incubator.httpclient/jdk.incubator.http.ExchangeImpl.get(ExchangeImpl.java:86)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.establishExchange(Exchange.java:257)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl0(Exchange.java:268)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl(Exchange.java:245)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.response(Exchange.java:121)
at jdk.incubator.httpclient/jdk.incubator.http.MultiExchange.response(MultiExchange.java:154)
at jdk.incubator.httpclient/jdk.incubator.http.HttpClientImpl.send(HttpClientImpl.java:234)
at test.httpclient.HostnameVerificationTest.get(HostnameVerificationTest.java:41)
at test.httpclient.HostnameVerificationTest.run(HostnameVerificationTest.java:22)
at test.httpclient.HostnameVerificationTest.main(HostnameVerificationTest.java:16)
Caused by: java.lang.NullPointerException
at java.base/sun.net.util.IPAddressUtil.textToNumericFormatV4(IPAddressUtil.java:49)
at java.base/sun.net.util.IPAddressUtil.isIPv4LiteralAddress(IPAddressUtil.java:241)
at java.base/sun.security.util.HostnameChecker.isIpAddress(HostnameChecker.java:139)
at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:97)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:481)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:456)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:296)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:145)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1952)
at java.base/sun.security.ssl.ClientHandshaker.certificateStatus(ClientHandshaker.java:1798)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:276)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092)
at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1031)
at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1028)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1534)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.lambda$handshakeReceiveAndUnWrap$1(AsyncSSLDelegate.java:413)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1494)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:591)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:413)
... 16 more
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package test.httpclient;
import java.net.URI;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
import jdk.incubator.http.HttpResponse.BodyHandler;
/**
 * Reproducer for the hostname-verification report: issues one HTTPS GET to a bare
 * IP address with the endpoint identification algorithm set to "HTTPS" and prints
 * either the response status or the stack trace of whatever was thrown.
 */
public class HostnameVerificationTest {

    /** Entry point; command-line arguments are ignored. */
    public static void main(String[] args) {
        HostnameVerificationTest reproducer = new HostnameVerificationTest();
        reproducer.run();
    }

    /**
     * Runs the single request and dumps any exception to stderr, so the type of the
     * failure (the subject of the report) is visible in the output.
     */
    private void run() {
        try {
            // Same path addressed by host name, left disabled by the reporter:
            // get("https://blogs.oracle.com/java/jdk-http-client");
            get("https://23.2.131.192/java/jdk-http-client");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Sends a GET request to {@code uri} through a client whose SSL parameters
     * request "HTTPS" endpoint identification, then prints the status code.
     *
     * @param uri absolute URI to fetch
     * @throws Exception anything raised while obtaining the default SSL context,
     *         building the request, or sending it
     */
    public void get(String uri) throws Exception {
        // Start from the platform defaults and turn on endpoint identification;
        // per the report, this is what should make a certificate that does not
        // cover the requested IP address fail the handshake.
        SSLParameters tlsParameters = SSLContext.getDefault().getDefaultSSLParameters();
        tlsParameters.setEndpointIdentificationAlgorithm("HTTPS");

        HttpClient httpClient = HttpClient.newBuilder().sslParameters(tlsParameters).build();
        HttpRequest getRequest = HttpRequest.newBuilder().uri(URI.create(uri)).GET().build();

        int status = httpClient.send(getRequest, BodyHandler.asString()).statusCode();
        System.out.println("status = " + status);
    }
}
---------- END SOURCE ----------
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux xxx 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 6.7 (Final)
A DESCRIPTION OF THE PROBLEM :
The SSL server certificate used at 'https://blogs.oracle.com/' contains the IP address in neither the subject DN nor the subject alternative name.
Therefore, the TLS handshake is expected to fail if an IP address is specified as the target host.
I believe javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm("HTTPS") enables the hostname verification function on SSLSocket, so I expect an SSLException to be thrown; instead, a RuntimeException caused by a NullPointerException is thrown.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the code attached under 'Source code for an executable test case:' on JDK/JRE 9.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An exception indicating that the TLS handshake failed, such as 'SSLException: hostname in certificate didn't match', is thrown at 'HttpClient#send()'.
ACTUAL -
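An exception that does not indicate a TLS handshake failure is thrown: a RuntimeException whose cause is a NullPointerException raised under HostnameChecker.isIpAddress (see the stack trace below).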
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.RuntimeException: Delegated task threw Exception/Error
at java.base/sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1594)
at java.base/sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:497)
at java.base/sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:745)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:680)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.unwrapBuffer(AsyncSSLDelegate.java:476)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:395)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeImpl(AsyncSSLDelegate.java:294)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeNow(AsyncSSLDelegate.java:262)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.connect(AsyncSSLDelegate.java:233)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLConnection.connect(AsyncSSLConnection.java:78)
at jdk.incubator.httpclient/jdk.incubator.http.Http2Connection.<init>(Http2Connection.java:272)
at jdk.incubator.httpclient/jdk.incubator.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:108)
at jdk.incubator.httpclient/jdk.incubator.http.ExchangeImpl.get(ExchangeImpl.java:86)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.establishExchange(Exchange.java:257)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl0(Exchange.java:268)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl(Exchange.java:245)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.response(Exchange.java:121)
at jdk.incubator.httpclient/jdk.incubator.http.MultiExchange.response(MultiExchange.java:154)
at jdk.incubator.httpclient/jdk.incubator.http.HttpClientImpl.send(HttpClientImpl.java:234)
at test.httpclient.HostnameVerificationTest.get(HostnameVerificationTest.java:41)
at test.httpclient.HostnameVerificationTest.run(HostnameVerificationTest.java:22)
at test.httpclient.HostnameVerificationTest.main(HostnameVerificationTest.java:16)
Caused by: java.lang.NullPointerException
at java.base/sun.net.util.IPAddressUtil.textToNumericFormatV4(IPAddressUtil.java:49)
at java.base/sun.net.util.IPAddressUtil.isIPv4LiteralAddress(IPAddressUtil.java:241)
at java.base/sun.security.util.HostnameChecker.isIpAddress(HostnameChecker.java:139)
at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:97)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:481)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:456)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:296)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:145)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1952)
at java.base/sun.security.ssl.ClientHandshaker.certificateStatus(ClientHandshaker.java:1798)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:276)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092)
at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1031)
at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1028)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1534)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.lambda$handshakeReceiveAndUnWrap$1(AsyncSSLDelegate.java:413)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1494)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:591)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:413)
... 16 more
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package test.httpclient;
import java.net.URI;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
import jdk.incubator.http.HttpResponse.BodyHandler;
/**
 * Reproducer for the hostname-verification report: issues one HTTPS GET to a bare
 * IP address with the endpoint identification algorithm set to "HTTPS" and prints
 * either the response status or the stack trace of whatever was thrown.
 */
public class HostnameVerificationTest {

    /** Entry point; command-line arguments are ignored. */
    public static void main(String[] args) {
        HostnameVerificationTest reproducer = new HostnameVerificationTest();
        reproducer.run();
    }

    /**
     * Runs the single request and dumps any exception to stderr, so the type of the
     * failure (the subject of the report) is visible in the output.
     */
    private void run() {
        try {
            // Same path addressed by host name, left disabled by the reporter:
            // get("https://blogs.oracle.com/java/jdk-http-client");
            get("https://23.2.131.192/java/jdk-http-client");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Sends a GET request to {@code uri} through a client whose SSL parameters
     * request "HTTPS" endpoint identification, then prints the status code.
     *
     * @param uri absolute URI to fetch
     * @throws Exception anything raised while obtaining the default SSL context,
     *         building the request, or sending it
     */
    public void get(String uri) throws Exception {
        // Start from the platform defaults and turn on endpoint identification;
        // per the report, this is what should make a certificate that does not
        // cover the requested IP address fail the handshake.
        SSLParameters tlsParameters = SSLContext.getDefault().getDefaultSSLParameters();
        tlsParameters.setEndpointIdentificationAlgorithm("HTTPS");

        HttpClient httpClient = HttpClient.newBuilder().sslParameters(tlsParameters).build();
        HttpRequest getRequest = HttpRequest.newBuilder().uri(URI.create(uri)).GET().build();

        int status = httpClient.send(getRequest, BodyHandler.asString()).statusCode();
        System.out.println("status = " + status);
    }
}
---------- END SOURCE ----------