To account for a problem with IBM 1.4.x JVM's, I think we should also test against sslSocket.getSession() being null. If it is null, we should try to get the socket to blowup by calling socket.getInputStream().available().
SSLSocket ssl = (SSLSocket) s;
SSLSession session = ssl.getSession();
if ( session == null )
// In our experience this only happens under IBM 1.4.x.
// hopefully this will unearth the real problem:
[Not sure how to deal with this 2nd patch. Do I upload a new patch containing both fixes? Sorry I'm such a newb!]
Here's some background info:
The IBM 1.4.x JVM, when acting as an SSL client, is quite picky about the certificate chain that the server presents. If the server includes some stray certificates in the chain, IBM will blowup.
But it takes a little while to blowup:
SSLSocket s = factory.createSocket( host, port );
// okay, we're still okay
SSLSession session = s.getSession();
// still okay! No exceptions thrown! But session is null. Uh oh.
InputStream in = s.getInputStream();
// Still no exceptions thrown! Wow, IBM is a survivor.
// ! * BOOM * !
javax.net.ssl.SSLHandshakeException: bad certificate
at com.ibm.jsse.bv.a(Unknown Source)
at com.ibm.jsse.a.a(Unknown Source)
at com.ibm.jsse.a.available(Unknown Source)