-
Bug
-
Resolution: Unresolved
-
P4
-
8u231, 12, 13, 14
-
x86
-
generic
ADDITIONAL SYSTEM INFORMATION :
macOS 10.13.6 (17G9016)
openjdk version "14-ea" 2020-03-17
A DESCRIPTION OF THE PROBLEM :
Connecting to a HTTPS URL and making a request that results in an empty response (eg 204 or common 302) seems to put the HttpsURLConnection in an odd state where calling some of its specific methods to get details about the connection fail with `java.lang.IllegalStateException: connection not yet open`, for example `getCipherSuite`, `getLocalCertificates`, `getLocalPrincipal`, `getPeerPrincipal`, `getServerCertificates` and possibly others.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call any of getCipherSuite, getLocalCertificates, getLocalPrincipal, getPeerPrincipal, getServerCertificates on a HttpsURLConnection instance which has been returned an empty body, as part of a call to URL.openConnection.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
When running the attached code:
204
TLS_xxxx
null
null
CN=xxx
[Ljava.security.cert.X509Certificate;@xxx
302
TLS_xxxx
null
null
CN=xxx
[Ljava.security.cert.X509Certificate;@xxx
200
TLS_AES_256_GCM_SHA384
null
null
CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US
[Ljava.security.cert.X509Certificate;@1f0f1111
ACTUAL -
204
java.lang.IllegalStateException: connection not yet open
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getCipherSuite(AbstractDelegateHttpsURLConnection.java:199)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getCipherSuite(HttpsURLConnectionImpl.java:167)
at Test.fetch(Test.java:24)
at Test.main(Test.java:8)
302
java.lang.IllegalStateException: connection not yet open
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getCipherSuite(AbstractDelegateHttpsURLConnection.java:199)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getCipherSuite(HttpsURLConnectionImpl.java:167)
at Test.fetch(Test.java:24)
at Test.main(Test.java:9)
200
TLS_AES_256_GCM_SHA384
null
null
CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US
[Ljava.security.cert.X509Certificate;@1f0f1111
---------- BEGIN SOURCE ----------
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class Test {
public static void main(String[] args) {
Test.fetch("https://httpstat.us/204");
Test.fetch("https://java.sun.com:443");
Test.fetch("https://ibm.com:443");
}
public static void fetch(String s) {
try {
URL url = new URL(s);
HttpsURLConnection connection = (HttpsURLConnection)url.openConnection();
System.out.println(connection.getResponseCode());
InputStream inputStream = connection.getInputStream();
int c;
while((c = inputStream.read()) != -1);
System.out.println(connection.getCipherSuite());
System.out.println(connection.getLocalCertificates());
System.out.println(connection.getLocalPrincipal());
System.out.println(connection.getPeerPrincipal());
System.out.println(connection.getServerCertificates());
inputStream.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
None that I can determine at the moment.
FREQUENCY : always
macOS 10.13.6 (17G9016)
openjdk version "14-ea" 2020-03-17
A DESCRIPTION OF THE PROBLEM :
Connecting to a HTTPS URL and making a request that results in an empty response (eg 204 or common 302) seems to put the HttpsURLConnection in an odd state where calling some of its specific methods to get details about the connection fail with `java.lang.IllegalStateException: connection not yet open`, for example `getCipherSuite`, `getLocalCertificates`, `getLocalPrincipal`, `getPeerPrincipal`, `getServerCertificates` and possibly others.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call any of getCipherSuite, getLocalCertificates, getLocalPrincipal, getPeerPrincipal, getServerCertificates on a HttpsURLConnection instance which has been returned an empty body, as part of a call to URL.openConnection.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
When running the attached code:
204
TLS_xxxx
null
null
CN=xxx
[Ljava.security.cert.X509Certificate;@xxx
302
TLS_xxxx
null
null
CN=xxx
[Ljava.security.cert.X509Certificate;@xxx
200
TLS_AES_256_GCM_SHA384
null
null
CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US
[Ljava.security.cert.X509Certificate;@1f0f1111
ACTUAL -
204
java.lang.IllegalStateException: connection not yet open
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getCipherSuite(AbstractDelegateHttpsURLConnection.java:199)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getCipherSuite(HttpsURLConnectionImpl.java:167)
at Test.fetch(Test.java:24)
at Test.main(Test.java:8)
302
java.lang.IllegalStateException: connection not yet open
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getCipherSuite(AbstractDelegateHttpsURLConnection.java:199)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getCipherSuite(HttpsURLConnectionImpl.java:167)
at Test.fetch(Test.java:24)
at Test.main(Test.java:9)
200
TLS_AES_256_GCM_SHA384
null
null
CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US
[Ljava.security.cert.X509Certificate;@1f0f1111
---------- BEGIN SOURCE ----------
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class Test {
public static void main(String[] args) {
Test.fetch("https://httpstat.us/204");
Test.fetch("https://java.sun.com:443");
Test.fetch("https://ibm.com:443");
}
public static void fetch(String s) {
try {
URL url = new URL(s);
HttpsURLConnection connection = (HttpsURLConnection)url.openConnection();
System.out.println(connection.getResponseCode());
InputStream inputStream = connection.getInputStream();
int c;
while((c = inputStream.read()) != -1);
System.out.println(connection.getCipherSuite());
System.out.println(connection.getLocalCertificates());
System.out.println(connection.getLocalPrincipal());
System.out.println(connection.getPeerPrincipal());
System.out.println(connection.getServerCertificates());
inputStream.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
None that I can determine at the moment.
FREQUENCY : always