1

I use SSLEngines together with NIO to provide nonblocking SSL connections to my application. At some point during the handshake (probably after receiving ServerHelloDone) the SSLEngine requires me to process a delegated task.

So I call getDelegatedTask and call it's run method. The task itself calls X509ExtendedKeyManager.getCertificateChain, which in turn throws an NullPointerException. That exception is caught by the Handshaker and stored for later reporting.

However reporting works by calling the private checkTaskThrown method that is only called when a message was received or a message is to be sent. But without getCertificateChain to complete correctly, there is nothing to send and the other side sends nothing as well, so there is nothing to receive. Hence the exception stays hidden.

As no side proceeds, we have a livelock. And I found no way to prevent or detect that, except for

  • Using reflection to call checkTaskThrown
  • Use some task / timer for a timeout

Neither of which is the route I want to go...

Steffen Heil
  • 4,286
  • 3
  • 32
  • 35
  • When the task completes you should retry the operation that returned NEED_TASK. But why does it throw a NullPointerException? – user207421 Oct 13 '15 at 23:28
  • You were actually right. My code did actually call `getHandshakeStatus` and got `NEED_UNWRAP` but as there was nothing in the `sourceByteBuffer` an internal optimization bit me and `unwrap` was not called. Please repost your comment as answer. – Steffen Heil Oct 20 '15 at 06:49

1 Answers1

2

When the task completes you should retry the operation that returned NEED_TASK.

You need to find and fix the NPE in your KeyManager.

user207421
  • 305,947
  • 44
  • 307
  • 483