Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7782

Client session context is null before SSL context initialization

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.5
    • Fix Version/s: 3.2.6, 3.1.17
    • Component/s: Transports
    • Labels:
    • Environment:

      bctls-jdk15on-1.59

    • Estimated Complexity:
      Unknown

      Description

      We are going to replace the default (Sun) JSSE provider with the one from BouncyCastle and are running into a NullPointerException when getting the SSLSessionContext from the SSLContext.

      The problem occurs in

      org.apache.cxf.transport.https.SSLUtils.getSSLContext(TLSParameterBase):73

      when trying to set the timeout for the SSL session.

      The javadoc of

      javax.net.ssl.SSLContext.getClientSessionContext()

      states that "[the client session context] may be unavailable in some environments, in which case this method returns null. [...]"

      Apparently, this is (in general) not the case for the SunJSSE provider, but the BCJSSE provider needs the SSLContext to be initialized before the client session context is available. So after the call of

      javax.net.ssl.SSLContext.init(KeyManager[], TrustManager[], SecureRandom)

      which happens further below (line 87), the client session context is not null any more, but it's too late, obviously.

      For the BCJSSE provider, setting the session timeout musst happen after the init() of the SSLContext. But a general handling in case of {{getClientSessionContext()}}returning null wouldn't hurt either.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              Oliver Knerr Oliver Knerr
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: