LDAP/TLS regression in 8u272
Thorsten Meinl
thorsten.meinl at knime.com
Thu Oct 29 16:04:01 UTC 2020
Hi folks,
Not sure if this is the right place to report issues but I didn't find any
other place (Jira is not accessible for non-contributors).
The 8u272 update has broken LDAP via TLS. Connection attempts fail with
javax.naming.NamingException: hostname of the server '' does not match the
hostname in the server's certificate.
at
org.apache.catalina.realm.JNDIRealm.createTlsDirContext(JNDIRealm.java:2518)
at
org.apache.catalina.realm.JNDIRealm.createDirContext(JNDIRealm.java:2424)
at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2392)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:
1286)
at
org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:195)
at
org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:158)
at
org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:195)
in Apache Tomcat. Note the empty server name. I can confirm that the LDAP
server is configured correctly and the certificate matches the hostname.
Switching back to 8u265 makes it work again.
I'm wondering if this is related to the various TLS changes in 8u272.
Thanks,
Thorsten
--
Dr.-Ing. Thorsten Meinl
KNIME AG
Hardturmstrasse 66
8005 Zurich, Switzerland
More information about the jdk8u-dev
mailing list