SSLHeaderHandler mishandles empty or non-base64 SSL_SESSION_ID header
Issue
- We have a proxy in front of JBoss terminating HTTPS. It is set up to forward ssl info and SSLHeaderHandler is enabled on JBoss to intercept these headers. If the SSL_SESSION_ID is not present, SSLHeaderHandler appears to do nothing.
- If SSL_SESSION_ID is not a base64 encoded value, SSLHeaderHandler hits a RuntimeException that fails the request:
java.lang.RuntimeException: java.io.IOException: Invalid base64 character encountered: 40
at io.undertow.server.BasicSSLSessionInfo.base64Decode(BasicSSLSessionInfo.java:136)
at io.undertow.server.BasicSSLSessionInfo.<init>(BasicSSLSessionInfo.java:84)
at io.undertow.server.handlers.SSLHeaderHandler.handleRequest(SSLHeaderHandler.java:98)
at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:93)
at org.wildfly.extension.undertow.Host$HostRootHandler.handleRequest(Host.java:293)
at io.undertow.server.handlers.NameVirtualHostHandler.handleRequest(NameVirtualHostHandler.java:64)
at io.undertow.server.handlers.error.SimpleErrorPageHandler.handleRequest(SimpleErrorPageHandler.java:76)
at io.undertow.server.handlers.CanonicalPathHandler.handleRequest(CanonicalPathHandler.java:49)
at io.undertow.server.handlers.ChannelUpgradeHandler.handleRequest(ChannelUpgradeHandler.java:158)
at io.undertow.server.handlers.DisallowedMethodsHandler.handleRequest(DisallowedMethodsHandler.java:61)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:233)
at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:131)
at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:57)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1122)
at io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:166)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)
Caused by: java.io.IOException: Invalid base64 character encountered: 40
at io.undertow.util.FlexBase64$Decoder.nextByte(FlexBase64.java:1039)
at io.undertow.util.FlexBase64$Decoder.nextByte(FlexBase64.java:1013)
at io.undertow.util.FlexBase64$Decoder.decode(FlexBase64.java:1240)
at io.undertow.util.FlexBase64$Decoder.decode(FlexBase64.java:1345)
at io.undertow.util.FlexBase64$Decoder.decode(FlexBase64.java:1411)
at io.undertow.util.FlexBase64$Decoder.access$500(FlexBase64.java:981)
at io.undertow.util.FlexBase64.decode(FlexBase64.java:305)
at io.undertow.server.BasicSSLSessionInfo.base64Decode(BasicSSLSessionInfo.java:126)
... 19 more
- httpd/mod_ssl sets the SSL_SESSION_ID to (null) if one is not present, and an SSL_SESSION_ID would not always be expected, especially in the first request as in SSL_SESSION_ID does not appear HTTP header in first access. So the SSLHeaderHandler implementation appears to be incorrect.
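One defensive workaround for the failure described above, written as an added example for this article rather than code from Undertow or from the reporter: a hypothetical handler that sits in front of SSLHeaderHandler and drops an SSL_SESSION_ID header whose value is empty, the literal "(null)" that mod_ssl emits, or not valid base64, so BasicSSLSessionInfo is never asked to decode a value that would raise the RuntimeException. It assumes the handler chain can be extended with a custom HttpHandler; the class and method names are my own.

```java
import java.io.IOException;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.SSLHeaderHandler;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderMap;
import io.undertow.util.HttpString;

/**
 * Hypothetical guard handler (not part of Undertow). It sanitizes the
 * SSL_SESSION_ID request header before SSLHeaderHandler sees it.
 */
public class SslSessionIdSanitizingHandler implements HttpHandler {

    private static final HttpString SSL_SESSION_ID = new HttpString("SSL_SESSION_ID");
    // Value mod_ssl forwards when no TLS session id exists (see the issue text).
    private static final String MOD_SSL_NULL = "(null)";

    private final HttpHandler next;

    public SslSessionIdSanitizingHandler(HttpHandler next) {
        // Wrap the real SSLHeaderHandler so it only ever receives sanitized headers.
        this.next = new SSLHeaderHandler(next);
    }

    /** True only if the value is something BasicSSLSessionInfo can base64-decode. */
    static boolean isUsableSessionId(String value) {
        if (value == null || value.isEmpty() || MOD_SSL_NULL.equals(value)) {
            return false;
        }
        try {
            FlexBase64.decode(value); // same decoder the stack trace shows failing
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        HeaderMap headers = exchange.getRequestHeaders();
        String sessionId = headers.getFirst(SSL_SESSION_ID);
        if (sessionId != null && !isUsableSessionId(sessionId)) {
            // Remove the bad value; SSLHeaderHandler then behaves exactly as it
            // does for a request that never carried SSL_SESSION_ID.
            headers.remove(SSL_SESSION_ID);
        }
        next.handleRequest(exchange);
    }
}
```

Removing the header changes nothing about whether the proxy actually terminated TLS; the remaining forwarded SSL headers are still passed through untouched.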
Environment
- JBoss Enterprise Application Platform (EAP) 7.0.x
- Undertow