Obtaining SSL Certificate Expiry Dates with Lucee 6 and Java 17 or 21

dev support
1

The following code works with Java 11

<cfset factory = CreateObject("java", "javax.net.ssl.HttpsURLConnection").getDefaultSSLSocketFactory()>
<cfset socket = factory.createSocket("dev.lucee.org", JavaCast("int", 443))>
<cfset socket.startHandshake()>
<cfset certs = socket.getSession().getPeerCertificates()>
<cfif IsArray(certs)>
	<cfset expiry = certs[1].getNotAfter()>
</cfif>
<cfset socket.close()>
<cfdump var="#expiry#">

However, with Java 17 or 21, I get the following error with factory.createSocket

java.lang.reflect.InaccessibleObjectException
Unable to make public java.net.Socket sun.security.ssl.SSLSocketFactoryImpl.createSocket(java.lang.String,int) throws java.io.IOException accessible: module java.base does not ‘exports sun.security.ssl’ to unnamed module

I believe this is due to extra restrictions in later versions of Java where the method isn’t public and I need to make it accessible somehow.

Does anyone know how to overcome this restriction in Java 17 or 21?

OS: Windows 2016
Java Version: Eclipse Adoptium OpenJDK Runtime Environment 21.0.3+9-LTS
Tomcat Version: 9.0.89
Lucee Version: 6.0.3.1

2

As an update, the above code works with
Lucee: 6.1.0.243
Java: 21.0.4+7-LTS
Tomcat: 9.0.96

1 Like
3

With Lucee 6.1 we did switch from using reflection to our own framework for direct class invocation, that issue is solved with that.