Expand Up @@ -83,7 +83,9 @@ private void initServerSocketFactory() throws StoreConfigurationException {
final TrustStoreConfiguration tsc = new TrustStoreConfiguration(
SslKeyStoreConstants.TRUSTSTORE_LOCATION, SslKeyStoreConstants::TRUSTSTORE_PWD, null, null);
sslConfiguration = SslConfiguration.createSSLConfiguration(null, ksc, tsc);
serverSocketFactory = sslConfiguration.getSslContext().getServerSocketFactory();
serverSocketFactory = sslConfiguration.getSslContext() != null
? sslConfiguration.getSslContext().getServerSocketFactory()
: (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
}

private void initTlsTestEnvironment(final int numberOfMessages, final TlsSyslogMessageFormat messageFormat)
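Review bot: In `initServerSocketFactory`, which looks like test setup, the new fallback to `SSLServerSocketFactory.getDefault()` hides a failed context build. The default factory would normally not carry the key store configured through `ksc`, so the failure would surface later as an unrelated handshake error. Failing fast is clearer here, e.g. `final SSLContext sslContext = Objects.requireNonNull(sslConfiguration.getSslContext(), "SSLContext could not be created");` followed by `serverSocketFactory = sslContext.getServerSocketFactory();`. The method starts outside the hunk.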
Expand Up @@ -23,8 +23,10 @@
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.LoggerContext;
Expand All @@ -37,7 +39,7 @@

public class HttpURLConnectionManager extends HttpManager {

private static final Charset CHARSET = Charset.forName("US-ASCII");
private static final Charset CHARSET = StandardCharsets.US_ASCII;

private final URL url;
private final boolean isHttps;
Expand Down Expand Up @@ -100,8 +102,10 @@ public void send(final Layout<?> layout, final LogEvent event) throws IOExceptio
header.getName(), header.evaluate(getConfiguration().getStrSubstitutor()));
}
if (sslConfiguration != null) {
((HttpsURLConnection) urlConnection)
.setSSLSocketFactory(sslConfiguration.getSslContext().getSocketFactory());
final SSLContext sslContext = sslConfiguration.getSslContext();
if (sslContext != null) {
((HttpsURLConnection) urlConnection).setSSLSocketFactory(sslContext.getSocketFactory());
}
}
if (isHttps && !verifyHostname) {
((HttpsURLConnection) urlConnection).setHostnameVerifier(LaxHostnameVerifier.INSTANCE);
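Review bot: When `sslConfiguration` is non-null but `getSslContext()` returns null, `send` now skips `setSSLSocketFactory` silently and the connection proceeds with the JVM default socket factory, so a configured trust store or client key is ignored with no signal at this call site. For a transport that may carry sensitive log events this is a fail-open change in trust, and with `verifyHostname` false the following lines still install `LaxHostnameVerifier`; consider a warning such as `LOGGER.warn("SSL context unavailable for {}; using JVM default TLS settings", url);` or refusing to send. The same silent fallback appears in both `SmtpManager.createManager` hunks, in `SslSocketManager.createSslSocketFactory` and in the `createConnection` hunk; whether `SslConfiguration` already reports the failure when the context is built is not visible here. `send` begins and ends outside the hunk.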
Expand Up @@ -35,6 +35,7 @@
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimeUtility;
import javax.mail.util.ByteArrayDataSource;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.logging.log4j.LoggingException;
import org.apache.logging.log4j.core.Layout;
Expand Down Expand Up @@ -308,9 +309,11 @@ public SmtpManager createManager(final String name, final FactoryData data) {
if (smtpProtocol.equals("smtps")) {
final SslConfiguration sslConfiguration = data.getSslConfiguration();
if (sslConfiguration != null) {
final SSLSocketFactory sslSocketFactory =
sslConfiguration.getSslContext().getSocketFactory();
properties.put(prefix + ".ssl.socketFactory", sslSocketFactory);
final SSLContext sslContext = sslConfiguration.getSslContext();
if (sslContext != null) {
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
properties.put(prefix + ".ssl.socketFactory", sslSocketFactory);
}
properties.setProperty(
prefix + ".ssl.checkserveridentity", Boolean.toString(sslConfiguration.isVerifyHostName()));
}
Expand Up @@ -27,8 +27,10 @@
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.logging.log4j.core.Layout;
Expand Down Expand Up @@ -245,6 +247,7 @@ public static SslSocketManager getSocketManager(
*/
private static String createSslConfigurationId(final SslConfiguration sslConfig) {
return String.valueOf(Stream.of(sslConfig.getKeyStoreConfig(), sslConfig.getTrustStoreConfig())
.filter(Objects::nonNull)
.flatMap(keyStoreConfig -> {
final Enumeration<String> aliases;
try {
Expand Down Expand Up @@ -289,15 +292,13 @@ protected Socket createSocket(final InetSocketAddress socketAddress) throws IOEx
}

private static SSLSocketFactory createSslSocketFactory(final SslConfiguration sslConf) {
SSLSocketFactory socketFactory;

if (sslConf != null) {
socketFactory = sslConf.getSslContext().getSocketFactory();
} else {
socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
final SSLContext sslContext = sslConf.getSslContext();
if (sslContext != null) {
return sslContext.getSocketFactory();
}
}

return socketFactory;
return (SSLSocketFactory) SSLSocketFactory.getDefault();
}

private static class SslSocketManagerFactory extends TcpSocketManagerFactory<SslSocketManager, SslFactoryData> {
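Review bot: In `createSslConfigurationId`, once null stores are filtered out, a configuration with neither key store nor trust store contributes nothing to the stream, so all such configurations would presumably get the same identifier even if they differ in other settings such as host name verification. The rest of the method is outside the hunk, so confirm how the identifier is used; if it keys the manager lookup in `getSocketManager`, consider mixing in `sslConfig.isVerifyHostName()` so a lax and a strict configuration cannot share one manager. At minimum the Javadoc above the method should state `Stores that are {@code null} are skipped.`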
Expand Up @@ -28,6 +28,7 @@
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.logging.log4j.core.config.ConfigurationFactory;
import org.apache.logging.log4j.core.net.ssl.LaxHostnameVerifier;
import org.apache.logging.log4j.core.net.ssl.SslConfiguration;
Expand Down Expand Up @@ -120,10 +121,13 @@ public static <T extends URLConnection> T createConnection(
httpURLConnection.setIfModifiedSince(lastModifiedMillis);
}
if (url.getProtocol().equals(HTTPS) && sslConfiguration != null) {
((HttpsURLConnection) httpURLConnection)
.setSSLSocketFactory(sslConfiguration.getSslContext().getSocketFactory());
final SSLContext sslContext = sslConfiguration.getSslContext();
final HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
if (sslContext != null) {
httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());
}
if (!sslConfiguration.isVerifyHostName()) {
((HttpsURLConnection) httpURLConnection).setHostnameVerifier(LaxHostnameVerifier.INSTANCE);
httpsURLConnection.setHostnameVerifier(LaxHostnameVerifier.INSTANCE);
}
}
urlConnection = httpURLConnection;
Expand Up @@ -54,6 +54,7 @@ public class SslConfiguration {
@Nullable
private final TrustStoreConfiguration trustStoreConfig;

@Nullable
private final transient SSLContext sslContext;

private SslConfiguration(
Expand Down Expand Up @@ -88,8 +89,9 @@ public void clearSecrets() {
* @deprecated Use {@link SSLContext#getSocketFactory()} on {@link #getSslContext()}
*/
@Deprecated
@Nullable
public SSLSocketFactory getSslSocketFactory() {
return sslContext.getSocketFactory();
return sslContext != null ? sslContext.getSocketFactory() : null;
}

/**
Expand All @@ -99,10 +101,12 @@ public SSLSocketFactory getSslSocketFactory() {
* @deprecated Use {@link SSLContext#getServerSocketFactory()} on {@link #getSslContext()}
*/
@Deprecated
@Nullable
public SSLServerSocketFactory getSslServerSocketFactory() {
return sslContext.getServerSocketFactory();
return sslContext != null ? sslContext.getServerSocketFactory() : null;
}

@Nullable
private static SSLContext createDefaultSslContext(final String protocol) {
try {
return SSLContext.getDefault();
Expand All @@ -121,6 +125,7 @@ private static SSLContext createDefaultSslContext(final String protocol) {
}
}

@Nullable
private static SSLContext createSslContext(
final String protocol,
@Nullable final KeyStoreConfiguration keyStoreConfig,
Expand Down Expand Up @@ -242,14 +247,17 @@ public boolean isVerifyHostName() {
return verifyHostName;
}

@Nullable
public KeyStoreConfiguration getKeyStoreConfig() {
return keyStoreConfig;
}

@Nullable
public TrustStoreConfiguration getTrustStoreConfig() {
return trustStoreConfig;
}

@Nullable
public SSLContext getSslContext() {
return sslContext;
}
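Review bot: `getSslContext()` is now annotated `@Nullable` but has no visible Javadoc telling callers when null is returned, and the deprecated `getSslSocketFactory()` and `getSslServerSocketFactory()` now return null where the removed lines would have thrown. I would add `/** Returns the SSL context, or {@code null} if it could not be created. */` on `getSslContext()`, and on the two deprecated getters a clause such as `@return the socket factory, or {@code null} if no SSL context is available`, unless their Javadoc already says so above the hunk. The conditions under which `createSslContext` yields null are outside the visible hunks, so the wording should be checked against that method.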
Expand Up @@ -36,6 +36,7 @@
import java.io.OutputStream;
import java.util.Date;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.logging.log4j.LoggingException;
import org.apache.logging.log4j.core.Layout;
Expand Down Expand Up @@ -262,9 +263,11 @@ public SmtpManager createManager(final String name, final FactoryData data) {
if (smtpProtocol.equals("smtps")) {
final SslConfiguration sslConfiguration = data.getSslConfiguration();
if (sslConfiguration != null) {
final SSLSocketFactory sslSocketFactory =
sslConfiguration.getSslContext().getSocketFactory();
properties.put(prefix + ".ssl.socketFactory", sslSocketFactory);
final SSLContext sslContext = sslConfiguration.getSslContext();
if (sslContext != null) {
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
properties.put(prefix + ".ssl.socketFactory", sslSocketFactory);
}
properties.setProperty(
prefix + ".ssl.checkserveridentity", Boolean.toString(sslConfiguration.isVerifyHostName()));
}
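--- a/src/changelog/.2.x.x/3947_fix_SslSocketManager_null_keystore.xml
+++ b/src/changelog/.2.x.x/3947_fix_SslSocketManager_null_keystore.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns="https://logging.apache.org/xml/ns"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="
+https://logging.apache.org/xml/ns
+https://logging.apache.org/xml/ns/log4j-changelog-0.xsd"
+type="fixed">
+<issue id="3947" link="https://github.com/apache/logging-log4j2/issues/3947"/>
+<issue id="3953" link="https://github.com/apache/logging-log4j2/pull/3953"/>
+<description format="asciidoc">
+Fix failures caused by null `SslConfiguration`
+</description>
+</entry>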