Exception in IceSSL.TrustManager

[sol79]

Hi,

I have an Ice server application with two object adapters - external for clients and internal for other servers. Both are listening over SSL, but external one can accept incoming calls from clients without certificate, while internal adapter requires a valid certificate. So I configured IceSSL plugin (Java) as follows:
IceSSL.VerifyPeer=1
IceSSL.TrustOnly.Server.InternalAdapter="CN="Trust ed Server""

Everything worked fine until I tried to check what will happen when a client without certificate connects to internal adapter. I expected the connection to be rejected, but instead the server crashed with this exception:

java.lang.NullPointerException
at IceSSL.TrustManager.verify(TrustManager.java:90)
at IceSSL.Instance.verifyPeer(Instance.java:704)
at IceSSL.TransceiverI.handshakeCompleted(Transceiver I.java:766)
at IceSSL.TransceiverI.handshake(TransceiverI.java:57 3)
at IceSSL.TransceiverI.write(TransceiverI.java:190)
at Ice.ConnectionI.validate(ConnectionI.java:120)
at IceInternal.IncomingConnectionFactory.message(Inco mingConnectionFactory.java:313)
at IceInternal.ThreadPool.run(ThreadPool.java:782)
at IceInternal.ThreadPool.access$100(ThreadPool.java: 12)
at IceInternal.ThreadPool$EventHandlerThread.run(Thre adPool.java:1242)

Looking inside the code I found that there's no safe check whether info.cert is null (just whether it is empty), which apparently caused the exception. With such behavior I can't make my server secure against attacks. Am I using a wrong approach for server configuration or this is sort of bug to be fixed?

Thanks

[mes]

Hi,

That's a bug in IceSSL. You can fix it by replacing line 90 of TrustManager.java with the following:

Code:

        if(info.certs != null && info.certs.length != 0)

Thanks for reporting this problem; it will be fixed in the next release.

Take care,
- Mark

[sol79]

Thanks for fast reply!