Jetty HttpClient inside of AsyncProxyServlet doesn't support SSL?

Question

Using jetty 9.4.8.v20171121

Line 70 of the above class throws a nullpointer exception on this code:

SSLEngine engine = sslContextFactory.newEngine(host, port);

I've set a breakpoint on the first line of the constructor for this class and its never called, so why is newConnection being called without creating the SslContextFactory first as in the constructor is the only place its being set.

This is a proxy request all host, port, keys are all fine. Its being called from ClientSelectorManager.

Also this only shows up under debug which seems like there's sa bug that its not thrown as an Error

Stacktrace: DEBUG org.eclipse.jetty.client.AbstractConnectionPool [] - Connection 1/256 creation failed

java.lang.NullPointerException: null
at org.eclipse.jetty.io.ssl.SslClientConnectionFactory.newConnection(SslClientConnectionFactory.java:70) ~[jetty-io-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.client.AbstractConnectorHttpClientTransport$ClientSelectorManager.newConnection(AbstractConnectorHttpClientTransport.java:172) ~[?:?]
at org.eclipse.jetty.io.ManagedSelector.createEndPoint(ManagedSelector.java:208) ~[jetty-io-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.io.ManagedSelector.access$1600(ManagedSelector.java:60) ~[jetty-io-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.io.ManagedSelector$CreateEndPoint.run(ManagedSelector.java:650) [jetty-io-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708) [jetty-util-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626) [jetty-util-9.4.8.v20171121.jar:9.4.8.v20171121]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_121]

I think the answer here is to override newHttpClient() and create your own new contextFactory and pass it in as a constructor arg.

Answer 1

You either haven't started HttpClient (aka HttpClient.start() ) or you haven't provided an SslContextFactory to the HttpClient constructor.

Since you mention newHttpClient() I would guess you have ProxyServlet (that you failed to mention in your question).

Yes, the default HttpClient has no SSL context or configuration. That's up to you to define/provide.

Overriding AbstractProxyServlet.newHttpClient() is appropriate.

See Default implementation: https://github.com/eclipse/jetty.project/blob/jetty-9.4.9.v20180320/jetty-proxy/src/main/java/org/eclipse/jetty/proxy/AbstractProxyServlet.java#L349-L361

You can get away with just ...

package jetty.proxy;

import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.proxy.AsyncProxyServlet;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class MyProxyServlet extends AsyncProxyServlet
{
    @Override
    protected HttpClient newHttpClient()
    {
        SslContextFactory ssl = new SslContextFactory();
        ssl.setTrustAll(true); // configure ssl (example, not required)
        return new HttpClient(ssl);
    }
}