RFR: 8376031: HttpsURLConnection.getServerCertificates() throws "java.lang.IllegalStateException: connection not yet open" for the HEAD method

[Jaikiran Pai]

On Thu, 29 Jan 2026 15:32:50 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The issue here is that `HttpURLConnection` is automatically disconnected (`HttpClient` is set to `null`, `connected` is set to `false`) when a response with no response body bytes is received. This happens before a fake empty body input stream is returned to the user. That behaviour also occurs with any method for which `content-length: 0` is returned (GET, POST, custom, anything), and with any status code (204, 304) for which there is no body.
> 
> In this case, the proposed fix is to store the `SSLSession` in the `AbstractDelegateHttpsURLConnection` subclass until such a time where `disconnect()` is explicitely closed. Information pertaining to SSL, such as server certificates, can be extracted from the saved `SSLSession`.

src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java line 1680:

> 1678:                     respCode == HTTP_NOT_MODIFIED ||
> 1679:                     respCode == HTTP_NO_CONTENT) {
> 1680:                     noResponseBody();

Would it be better if we moved the next 4 lines in this if block into the implementation of `noResponseBody()`? That way this if block would call that method and it would have all the necessary logic of setting the relevant states?

Of course `AbstractDelegateHttpsURLConnection.java` would in its overridden implementation of `noResponseBody()` would first store the `SSLSession` and then be expected to call the `super.noResponseBody()`, which I think would be a good thing.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29489#discussion_r2751093567