eater's questions -server

eater

Asked: 2011-04-20 11:16:41 +0800 CST

Tomcat NullPointerException when client doesn't complete SSL handshake

I've got Tomcat 7.0.12 using APR and OpenSSL. Everything appears to be working just fine, but I'm seeing some NullPointerException stack traces showing up in the logs. As far as I can tell, it appears to be happening whenever a client connects, initiates the TLS handshake, receives the server's certificate and then immediately closes the TCP connection without proceeding with the key exchange.

I'm using a self-signed certificate, so this happens (for example) whenever the browser doesn't trust the certificate and must ask the user to verify it. The client obviously doesn't care since it's the one that disconnected.

DEBUG ["http-apr-443"-exec-3] org.apache.tomcat.util.net.AprEndpoint: Handshake failed: error:00000000:lib(0):func(0):reason(0)
ERROR ["http-apr-443"-exec-3] org.apache.coyote.http11.Http11AprProtocol: Error reading request, ignored
java.lang.NullPointerException
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:221)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:323)
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1675)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

If the client doesn't disconnect after receiving the certificate from the server, and instead proceeds with the handshake, everything works as expected with no errors in the logs. Perhaps it's just cosmetic, but perhaps I've done something wrong.

The connector is configured thusly (more or less copied from an example somewhere):

<Connector
  SSLCertificateFile="/etc/ssl/certs/server.crt"
  SSLCertificateKeyFile="/etc/ssl/private/server.key"
  SSLEnabled="true"
  acceptCount="100"
  clientAuth="optional"
  disableUploadTimeout="true"
  enableLookups="false"
  maxHttpHeaderSize="8192"
  maxThreads="150"
  port="443"
  scheme="https"
  secure="true"
  sslProtocol="TLSv1"
/>

Edit to add, FWIW, I just noticed there's a similar stack trace ending up in catalina.out at the same time:

Exception in thread ""http-apr-443"-exec-3" java.lang.NullPointerException
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1678)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Tomcat NullPointerException when client doesn't complete SSL handshake

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?