I use SSLEngines together with NIO to provide nonblocking SSL connections to my application. At some point during the handshake (probably after receiving ServerHelloDone) the SSLEngine requires me to process a delegated task.
So I call getDelegatedTask and call it's run method. The task itself calls X509ExtendedKeyManager.getCertificateChain, which in turn throws an NullPointerException. That exception is caught by the Handshaker and stored for later reporting.
However reporting works by calling the private checkTaskThrown method that is only called when a message was received or a message is to be sent.
But without getCertificateChain to complete correctly, there is nothing to send and the other side sends nothing as well, so there is nothing to receive. Hence the exception stays hidden.
As no side proceeds, we have a livelock. And I found no way to prevent or detect that, except for
checkTaskThrownNeither of which is the route I want to go...
When the task completes you should retry the operation that returned NEED_TASK.
You need to find and fix the NPE in your KeyManager.