Configuring SSL connector in Tomcat 9 throws NullPointerException
Although I can see Tomcat's initial page on localhost:8080, I am having problems getting the JSSE connector to work. I am on Tomcat 9.0.2, JDK 9.0.1, Ubuntu 16.04.
My connector is:
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true" >
<SSLHostConfig>
<Certificate certificateKeystoreFile="../.keystore"
certificateKeystorePassword="changeit"
certificateKeyAlias="tomcat"
type="RSA" />
</SSLHostConfig>
</Connector>
However, when I go to localhost:8443 in the browser, I see the following:
On Firefox:
"The connection was reset. The connection to the server was reset while the page was loading."
On Chrome:
"This page isn’t working. localhost didn’t send any data. ERR_EMPTY_RESPONSE"
I can see that the keystore file is being read correctly. When I do:
openssl s_client -debug -connect localhost:8443
The output is as follows:
CONNECTED(00000003)
write to 0xb9f0b0 [0xb9fdb0] (305 bytes => 305 (0x131))
...
depth=0 C = EC, ST = mystate, L = mycity, O = myorg, OU = myou, CN = my name
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EC, ST = mystate, L = mycity, O = myorg, OU = myou, CN = my name
verify return:1
...
Certificate chain
0 s:/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
i:/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
issuer=/C=EC/ST=mystate/L=mycity/O=myorg/OU=myou/CN=my name
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1353 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 65D77EF99F8E4E7D145ABC005CCBFAA283533280995D7203A0220A6C1D11B9D4
Session-ID-ctx:
Master-Key: 5B2734E8A9EC21DE0090F2AC288A3D6E872FB292455B6F9FF84963D77F745D2E2E627D2A4358AE4A65F89B8EA123571A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1515167322
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
In the catalina.out log file, I found that an NPE appears every time I try to access localhost:8443 through the browser:
05-Jan-2018 08:48:06.848 SEVERE [https-jsse-nio-8443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
java.lang.NullPointerException
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:180)
at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:325)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1353)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:844)
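This exception is repeated 10 times; the only difference between the repetitions is the substring "exec-<NUMBER>" in the first line, where NUMBER ranges from 1 to 10 (1 in the example above).
Why the doRun method throws an NPE is a mystery to me. I have tried many configuration combinations, to no avail. What is wrong?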
This issue has been resolved by https://bz.apache.org/bugzilla/show_bug.cgi?id=61914 and will be fixed in Tomcat 9.0.3+.
A null check was added at line 180 of o.a.t.util.net.AbstractJsseEndpoint.createSSLEngine() to correct a possible NPE when using Java 9.
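A log-triage sketch for the symptom discussed above, added here as an example (not part of the original question or answer, and not Tomcat project code): it parses catalina.out records in the layout the question shows and reports the worker threads whose NullPointerException was raised directly in AbstractJsseEndpoint.createSSLEngine. The sample log is constructed, and the function names and the com.example frame are hypothetical.

```python
import re

# Constructed sample in the catalina.out layout shown in the question.
SAMPLE_LOG = """\
05-Jan-2018 08:48:06.848 SEVERE [https-jsse-nio-8443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
 java.lang.NullPointerException
\tat org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:180)
\tat org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:325)
05-Jan-2018 08:48:06.851 SEVERE [https-jsse-nio-8443-exec-2] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
 java.lang.NullPointerException
\tat org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:180)
\tat org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:325)
05-Jan-2018 08:49:10.100 SEVERE [http-nio-8080-exec-3] com.example.App.handle
 java.lang.NullPointerException
\tat com.example.App.handle(App.java:12)
"""

# Record header: date, time, level, [thread]; stack frame: "at class.method(".
HEADER = re.compile(r"^\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} (\w+) \[([^\]]+)\]")
FRAME = re.compile(r"^\s*at ([\w.$/]+)\(")
TOP_FRAME = "org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine"

def parse_records(text):
    """Split a catalina.out excerpt into records: level, thread, exception, frames."""
    records = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            records.append({"level": header.group(1), "thread": header.group(2),
                            "exception": None, "frames": []})
        elif records:
            frame = FRAME.match(line)
            if frame:
                records[-1]["frames"].append(frame.group(1))
            elif records[-1]["exception"] is None and line.strip():
                records[-1]["exception"] = line.strip().split(":")[0]
    return records

def handshake_npe_threads(text):
    """Threads whose NPE has createSSLEngine as its top frame (the trace in the question)."""
    return sorted(r["thread"] for r in parse_records(text)
                  if r["exception"] == "java.lang.NullPointerException"
                  and r["frames"][:1] == [TOP_FRAME])

def has_fix(version):
    """For a Tomcat 9.0.x version string: True from 9.0.3, the release the answer names."""
    return tuple(int(part) for part in version.split(".")[:3]) >= (9, 0, 3)

if __name__ == "__main__":
    print(handshake_npe_threads(SAMPLE_LOG), has_fix("9.0.2"))
```
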