JDK 13 SSLSession.getValue() throws NPE
Simone Bordet
sbordet at webtide.com
Thu Sep 5 17:44:30 UTC 2019
Hi,
we have a number of TLS tests failing in Jetty when running on JDK 13,
while they work on JDK 11 and 12.
The simplest way to reproduce this is to open 2 TLS sockets to Jetty,
one after the other.
On the server, the first socket creates a SSLEngine which has a SSLSession.
Jetty calls SSLSession.getValue() to check whether a key (that we may
have put on the session during SNI processing) is there. For the first
socket this works.
The second socket, however, is using resumption. On the server, a new
SSLEngine is created, but its SSLSession has field "boundValues" ==
null so trying to call SSLSession.getValue() throws a NPE.
Is this a regression?
Thanks!
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
More information about the security-dev
mailing list