Tomcat NullPointerException when client doesn’t complete SSL handshake


I've got Tomcat 7.0.12 using APR and OpenSSL. Everything appears to be working just fine, but I'm seeing some NullPointerException stack traces showing up in the logs. As far as I can tell, it appears to be happening whenever a client connects, initiates the TLS handshake, receives the server's certificate and then immediately closes the TCP connection without proceeding with the key exchange.

I'm using a self-signed certificate, so this happens (for example) whenever the browser doesn't trust the certificate and must ask the user to verify it. The client obviously doesn't care since it's the one that disconnected.

DEBUG ["http-apr-443"-exec-3] org.apache.tomcat.util.net.AprEndpoint: Handshake failed: error:00000000:lib(0):func(0):reason(0)
ERROR ["http-apr-443"-exec-3] org.apache.coyote.http11.Http11AprProtocol: Error reading request, ignored
java.lang.NullPointerException
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:221)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:323)
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1675)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

If the client doesn't disconnect after receiving the certificate from the server, and instead proceeds with the handshake, everything works as expected with no errors in the logs. Perhaps it's just cosmetic, but perhaps I've done something wrong.

The connector is configured thusly (more or less copied from an example somewhere):

<Connector
  SSLCertificateFile="/etc/ssl/certs/server.crt"
  SSLCertificateKeyFile="/etc/ssl/private/server.key"
  SSLEnabled="true"
  acceptCount="100"
  clientAuth="optional"
  disableUploadTimeout="true"
  enableLookups="false"
  maxHttpHeaderSize="8192"
  maxThreads="150"
  port="443"
  scheme="https"
  secure="true"
  sslProtocol="TLSv1"
/>

Edit to add, FWIW, I just noticed there's a similar stack trace ending up in catalina.out at the same time:

Exception in thread ""http-apr-443"-exec-3" java.lang.NullPointerException
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1678)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Best Answer

This is a red herring; it's catching the exception from the connection handler and dumping a trace. It's cryptic errors like this that cause me to suggest using mod_jk for forwarding requests to the AJP connector on Tomcat.
