Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Regression: SSL session contains extraneous NULL extries in peer certificate chain. #6098

JackOfMostTrades opened this issue Dec 3, 2016 · 1 comment


Copy link

commented Dec 3, 2016

Netty version: 4.1.6.Final

Initiating client TLS negotiation with a certificate chain (client cert + trust chain) on netty 4.1.6.Final (with grpc-netty 1.02 and netty-tcnative-boringssl-static 1.1.33.Fork23) results in the SSLSession presenting a peer certificate chain array that is longer that the actual peer certificate chain, though the extra entries are all NULL. In the example below, the expected peer chain length is 2, but the returned array length is 412.

This scenario worked with grpc-netty 1.0.1, netty 4.1.5.Fina, and netty-tcnative-boringssl-static 1.1.33.Fork23.

Steps to reproduce:
Example program to reproduce posted using grpc 1.0.2:

$ java -version
openjdk version "1.8.0_111"
OpenJDK Runtime Environment (build 1.8.0_111-8u111-b14-2~bpo8+1-b14)
OpenJDK 64-Bit Server VM (build 25.111-b14, mixed mode)

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Codename: jessie

$ uname -a
Linux lgud-ihaken 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux


This comment has been minimized.

Copy link

commented Dec 3, 2016

@JackOfMostTrades i think this was fixed by 4ee361e#diff-a1fda854eff0bab9ba7a0975852e7ed6 And so will be fixed in the next release

@normanmaurer normanmaurer self-assigned this Dec 3, 2016

@normanmaurer normanmaurer added this to the 4.0.43.Final milestone Dec 3, 2016

@normanmaurer normanmaurer added the defect label Dec 3, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.