Fixes #6159 - Jetty with Conscrypt unable to handle any HTTPS requests when connected by IP rather than hostname.

Added null guard for `ExtendedSSLSession.getRequestedServerNames()`
which should never return null, but it does when using Conscrypt.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet 2021-05-06 16:18:51 +02:00
parent d3576a883e
commit 1c34222415
1 changed files with 12 additions and 6 deletions


@ -21,6 +21,7 @@ import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Objects; import java.util.Objects;
import java.util.function.UnaryOperator; import java.util.function.UnaryOperator;
@ -28,6 +29,7 @@ import java.util.stream.Collectors;
import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName; import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher; import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
@ -115,12 +117,16 @@ public class SniX509ExtendedKeyManager extends X509ExtendedKeyManager
String host = null; String host = null;
if (session instanceof ExtendedSSLSession) if (session instanceof ExtendedSSLSession)
{ {
host = ((ExtendedSSLSession)session).getRequestedServerNames().stream() List<SNIServerName> serverNames = ((ExtendedSSLSession)session).getRequestedServerNames();
.findAny() if (serverNames != null)
.filter(SNIHostName.class::isInstance) {
.map(SNIHostName.class::cast) host = serverNames.stream()
.map(SNIHostName::getAsciiName) .findAny()
.orElse(null); .filter(SNIHostName.class::isInstance)
.map(SNIHostName.class::cast)
.map(SNIHostName::getAsciiName)
.orElse(null);
}
} }
if (host == null) if (host == null)
{ {
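Review bot: The new `if (serverNames != null)` guard has no comment saying why it exists, and since the commit message itself says `getRequestedServerNames()` should never return null, a later cleanup could remove it and bring the Conscrypt handshake failure back. I would add `// Conscrypt may return null here instead of an empty list (#6159); treat it as no SNI sent.` directly above the check. Separately, `findAny()` still runs before `filter(SNIHostName.class::isInstance)`, so the filter applies only to the single element already picked. If a non-hostname entry were ever chosen, `host` would stay null even when an `SNIHostName` is in the list, so moving the `filter`/`map` calls ahead of `findAny()` would avoid that. The enclosing method starts and ends outside the hunk, so how the `host == null` branch picks a certificate is not visible here, and the page lists only one changed file, so no regression test for the null case appears to accompany the fix.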