csutherl opened a new pull request, #33: URL: https://github.com/apache/tomcat-native/pull/33
I spent some time digging into the `SSL.getCiphers()` test that caused the JVM to crash (following up on the dev-list thread mentioning it); I found that crashes occur when calling the method without first calling `SSL.initialize()`. The root cause is that `ssl.c` and `sslcontext.c` each declare their own static `stringClass` variable ([ssl.c:43](https://github.com/apache/tomcat-native/blob/main/native/src/ssl.c#L43) and [sslcontext.c:30](https://github.com/apache/tomcat-native/blob/main/native/src/sslcontext.c#L30)). The variable in `ssl.c` gets initialized only when `SSL.initialize()` is called ([ssl.c:221-223](https://github.com/apache/tomcat-native/blob/main/native/src/ssl.c#L221-L223)), but `SSL.getCiphers()` uses it directly without any NULL check ([ssl.c:1104](https://github.com/apache/tomcat-native/blob/main/native/src/ssl.c#L1104)). In contrast, `sslcontext.c` handles this correctly: `SSLContext.make()` uses lazy initialization with a NULL check ([sslcontext.c:410-415](ht tps://github.com/apache/tomcat-native/blob/main/native/src/sslcontext.c#L410-L415)) before any method uses the variable. The crash occurs when code calls `SSLContext.make()` (which initializes `stringClass` in `sslcontext.c` but not in `ssl.c`), then calls `SSL.getCiphers()` without having called `SSL.initialize()` first. The method appears unused in Tomcat proper, so I think we have two options: 1. Fix it by adding the same defensive NULL check that works in `sslcontext.c:410-414`, which is what this PR does 2. Remove the method as it appears to be dead code Fixing the issue is just a few added lines, and provides different information than `SSLContext.getCiphers()` (per-connection negotiated ciphers vs context-level configured ciphers) so it may be useful to keep for any user that might want to do so in the future. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
