Fixes #6159 - Jetty with Conscrypt unable to handle any HTTPS requests when connected by IP rather than hostname.

Added null guard for `ExtendedSSLSession.getRequestedServerNames()`
which should never return null, but it does when using Conscrypt.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet 2021-05-06 16:18:51 +02:00
parent d3576a883e
commit 1c34222415
1 changed files with 12 additions and 6 deletions


@ -21,6 +21,7 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.UnaryOperator;
@ -28,6 +29,7 @@ import java.util.stream.Collectors;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
@ -115,12 +117,16 @@ public class SniX509ExtendedKeyManager extends X509ExtendedKeyManager
String host = null;
if (session instanceof ExtendedSSLSession)
{
host = ((ExtendedSSLSession)session).getRequestedServerNames().stream()
.findAny()
.filter(SNIHostName.class::isInstance)
.map(SNIHostName.class::cast)
.map(SNIHostName::getAsciiName)
.orElse(null);
List<SNIServerName> serverNames = ((ExtendedSSLSession)session).getRequestedServerNames();
if (serverNames != null)
{
host = serverNames.stream()
.findAny()
.filter(SNIHostName.class::isInstance)
.map(SNIHostName.class::cast)
.map(SNIHostName::getAsciiName)
.orElse(null);
}
}
if (host == null)
{
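Review bot: The new `if (serverNames != null)` guard has no comment saying why it exists, and since `getRequestedServerNames()` is documented as never returning null, a later cleanup could remove the check as dead code. I would put `// Conscrypt may return null here despite the ExtendedSSLSession contract, see #6159.` directly above the guard. With the guard in place, a null list and an empty list both leave `host` null and fall through to the `if (host == null)` branch, whose body lies outside this hunk, as do the start and end of the enclosing method. Separately, the carried-over `.findAny().filter(SNIHostName.class::isInstance)` inspects only one arbitrary entry, so a list whose chosen entry is not an `SNIHostName` yields no host even when another entry is one; moving the `filter`/`map` steps ahead of a `.findFirst()` would avoid that.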