Java NIO SSO处理器中的空指针 [英] null pointer in java NIO SSO processor
问题描述
尝试使用JDK 11偶尔在tomcat 9上运行gitblit,结果在此堆栈跟踪中:
trying to run gitblit, on tomcat 9, using JDK 11 occassionaly results in this stack trace:
gitblit | 07-May-2020 04:30:39.247 SEVERE [https-jsse-nio-8443-exec-10] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun Error running socket processor
gitblit | java.lang.NullPointerException
gitblit | at java.base/sun.security.ssl.HKDF.extract(HKDF.java:93)
gitblit | at java.base/sun.security.ssl.HKDF.extract(HKDF.java:119)
gitblit | at java.base/sun.security.ssl.ServerHello.setUpPskKD(ServerHello.java:1167)
gitblit | at java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(ServerHello.java:545)
gitblit | at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
gitblit | at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1234)
gitblit | at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1170)
gitblit | at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:852)
gitblit | at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
gitblit | at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
gitblit | at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
gitblit | at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
gitblit | at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1048)
gitblit | at java.base/java.security.AccessController.doPrivileged(Native Method)
gitblit | at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:995)
gitblit | at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:443)
gitblit | at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:507)
gitblit | at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
gitblit | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1616)
gitblit | at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
gitblit | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
gitblit | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
gitblit | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
gitblit | at java.base/java.lang.Thread.run(Thread.java:834)
当客户端尝试从gitblit GUI中提取文件时.
When the clients are trying to pull files from the gitblit GUI.
可能感兴趣,直到我更新到JDF的11.0.7版本,我才看到以下错误: 打开JDK 11 HTTP/2握手ServerHello java.util. NoSuchElementException
Possibly of interest, until I updated to the 11.0.7 version of the JDF, I was seeing this error: Open JDK 11 HTTP/2 Handshake ServerHello java.util.NoSuchElementException
修正了此处可选"的误用之处: https://bugs .openjdk.java.net/browse/JDK-8218889 ,但也许并没有真正解决根本问题?
Where the fixed the mis-use of the Optional here: https://bugs.openjdk.java.net/browse/JDK-8218889 but perhaps, didn't actually address the root problem?
关于引发此错误的原因还有其他想法吗?我在这里使用自签名证书,仅供参考.客户端是Firefox,而Java版本是
Or any other thoughts as to what is triggering this error? I'm using a self-signed cert here, FYI. The client is Firefox, and the java release is
openjdk版本"11.0.7" 2020-04-14 OpenJDK运行时环境采用OpenJDK(内部版本11.0.7 + 10) OpenJDK 64位服务器VM采用OpenJDK(内部版本11.0.7 + 10,混合模式)
openjdk version "11.0.7" 2020-04-14 OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.7+10) OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.7+10, mixed mode)
在高山linux docker系统中运行.
Running inside an alpine linux docker system.
解决一个问题,其中gitblit偶尔会出现1分钟超时,并在日志中找到该超时.不确定是否相关....
Chasing down an issue where gitblit has occassional 1 minute timeouts, and finding this in the log. Not sure if related, or not....
看起来也可以在tomcat https://bz中找到它. apache.org/bugzilla/show_bug.cgi?id=64105 ,并在此处报告
Looks like it has also been found in tomcat https://bz.apache.org/bugzilla/show_bug.cgi?id=64105, and reported here
https://bugs.openjdk.java.net/browse/JDK-8241248
由于我无法提供有关openjdk错误跟踪器的信息,因此我可以告诉您,通常导致我出错的客户端是Linux上的Firefox 75.
Since I can't provide info on the openjdk bug tracker, I can tell you that the client that typically causes it for me is Firefox 75 on linux.
推荐答案
正如您提供的bugtracker参考所指出的,这是与会话恢复有关的bug.
As pointed out by the bugtracker references that you provide, this is a bug related to session resumption.
尽管此答案不能解决错误本身,但仍有可能要求SSLEngine禁止为特定连接重新开始.这会影响将来的连接性能,因为要求客户端重新握手以建立新的连接,而不是利用会话恢复机制.
While this answer does not address the bug itself, there is a possibility to ask the SSLEngine to disallow resumption for a particular connection. This comes at a performance penalty for future connections because the client is required to redo the handshake for new connections instead of leveraging the session resumption mechanism.
At any time after the handshake is established, you can call invalidate() on the SSLSession. As pointed in the doc:
将来的连接将无法继续或加入此会话.但是,使用此会话的任何现有连接都可以继续使用该会话,直到关闭该连接为止.
Future connections will not be able to resume or join this session. However, any existing connection using this session can continue to use the session until the connection is closed.
这意味着它对当前连接没有任何影响,但是将阻止会话恢复,从而避免了JDK错误.
Meaning that it has no effect on the current connection, but will prevent session resumption and thus avoid the JDK bug.
我的握手循环代码段:
case NOT_HANDSHAKING:
case FINISHED:
{
if( !sslEngine.getSession().isValid() || sslEngine.getSession().getId().length == 0 )
throw new SSLHandshakeException("Handshake failed");
// prevent bug with rejoin session
sslEngine.getSession().invalidate();
return;
}
这篇关于Java NIO SSO处理器中的空指针的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
