-
Bug
-
Resolution: Fixed
-
P4
-
8, 11, 17, 21, 24
-
b11
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8350554 | 24.0.2 | Konanki Sreenath | P4 | Closed | Won't Fix |
sun.security.x509.X509CertImpl.getExtensionValue can trigger creation of NPEs which are caught in Exception block. Might be better to test if sun.security.x509.X509CertInfo.getExtensions() is null instead.
java.lang.Throwable
at java.base/java.lang.NullPointerException.<init>(NullPointerException.java:60)
at java.base/sun.security.x509.X509CertImpl.getExtensionValue(X509CertImpl.java:1081)
at java.base/sun.security.provider.certpath.AdaptableX509CertSelector.matchSubjectKeyID(AdaptableX509CertSelector.java:212)
at java.base/sun.security.provider.certpath.AdaptableX509CertSelector.match(AdaptableX509CertSelector.java:159)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:123)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:307)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:312)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:255)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:635)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:924)
at java.base/sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:371)
at SSLConnectLoop.main(SSLConnectLoop.java:30)
exception : java.lang.NullPointerException: Cannot invoke "sun.security.x509.CertificateExtensions.getExtension(String)" because the return value of "sun.security.x509.X509CertInfo.getExtensions()" is null
java.lang.Throwable
at java.base/java.lang.NullPointerException.<init>(NullPointerException.java:60)
at java.base/sun.security.x509.X509CertImpl.getExtensionValue(X509CertImpl.java:1081)
at java.base/sun.security.provider.certpath.AdaptableX509CertSelector.matchSubjectKeyID(AdaptableX509CertSelector.java:212)
at java.base/sun.security.provider.certpath.AdaptableX509CertSelector.match(AdaptableX509CertSelector.java:159)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:123)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:307)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:312)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:255)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:635)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:924)
at java.base/sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:371)
at SSLConnectLoop.main(SSLConnectLoop.java:30)
exception : java.lang.NullPointerException: Cannot invoke "sun.security.x509.CertificateExtensions.getExtension(String)" because the return value of "sun.security.x509.X509CertInfo.getExtensions()" is null
- backported by
-
JDK-8350554 Harden X509CertImpl.getExtensionValue for NPE cases
-
- Closed
-
- links to
-
Commit(master)
openjdk/jdk/70a6c0b7
-
Review(master)
openjdk/jdk24u/88
-
Review(master)
openjdk/jdk/23315