代码之家  ›  专栏  ›  技术社区  ›  ARX

在Tomcat 9中配置SSL连接器会引发NullPointerException

  •  1
  • ARX  · 技术社区  · 6 年前

    虽然我可以在localhost:8080上看到Tomcat的启动页,但我在使用JSSE连接器时遇到了问题。我在Ubuntu 16.04的JDK 9.0.1上使用Tomcat 9.0.2。

    我的连接器是:

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true" >
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="../.keystore"
                         certificateKeystorePassword="changeit"
                         certificateKeyAlias="tomcat"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    

    但是,在浏览器上转到localhost:8443时,我会看到以下内容:

    在Firefox上: “连接已重置。加载页面时,与服务器的连接已重置。”

    关于铬: “此页面不工作。localhost未发送任何数据。ERR\u EMPTY\u响应”

    我看到密钥库文件被正确读取。当我这样做时:

    openssl s_client -debug -connect localhost:8443
    

    输出如下:

    CONNECTED(00000003)
    write to 0xb9f0b0 [0xb9fdb0] (305 bytes => 305 (0x131))
    ...
    depth=0 C = EC, ST = mystate, L = mycity, O = myorg, OU = myou, CN = my name
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 C = EC, ST = mystate, L = mycity, O = myorg, OU = myou, CN = my name
    verify return:1
    ...
    Certificate chain
     0 s:/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
       i:/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    subject=/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
    issuer=/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 1353 bytes and written 431 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 65D77EF99F8E4E7D145ABC005CCBFAA283533280995D7203A0220A6C1D11B9D4
        Session-ID-ctx: 
        Master-Key: 5B2734E8A9EC21DE0090F2AC288A3D6E872FB292455B6F9FF84963D77F745D2E2E627D2A4358AE4A65F89B8EA123571A
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1515167322
        Timeout   : 300 (sec)
        Verify return code: 18 (self signed certificate)
    

    catalina.out 日志文件中,我发现每当我尝试通过浏览器localhost:8443访问时,都会发生NPE:

    05-Jan-2018 08:48:06.848 SEVERE [https-jsse-nio-8443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
     java.lang.NullPointerException
            at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:180)
            at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:325)
            at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
            at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1353)
            at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
            at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
            at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
            at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
            at java.base/java.lang.Thread.run(Thread.java:844)
    

    此异常重复10次,重复之间的唯一区别是子字符串“exec-<NUMBER>”在第一行中,数字范围从1到10(在上面的示例中,它是1)。

    为什么多伦方法会抛出NPE对我来说是个谜。我尝试了许多配置组合,但都没有成功。发生了什么?

    1 回复  |  直到 6 年前
        1
  •  2
  •   SkyWalker    6 年前

    该问题由 https://bz.apache.org/bugzilla/show_bug.cgi?id=61914 并将在 Tomcat 9.0.3+ .

    已将空检查添加到 o.a.t.util.net.AbstractJsseEndpoint.createSSLEngine() ,第180行,用于纠正使用Java 9时可能出现的NPE。