LDAP/TLS regression in 8u272
Severin Gehwolf
sgehwolf at redhat.com
Fri Oct 30 13:06:44 UTC 2020
Hi
On Thu, 2020-10-29 at 17:04 +0100, Thorsten Meinl wrote:
> Hi folks,
>
> Not sure if this is the right place to report issues but I didn't find any
> other place (Jira is not accessible for non-contributors).
> The 8u272 update has broken LDAP via TLS. Connection attempts fail with
>
> javax.naming.NamingException: hostname of the server '' does not match the hostname in the server's certificate.
> at org.apache.catalina.realm.JNDIRealm.createTlsDirContext(JNDIRealm.java:2518)
> at org.apache.catalina.realm.JNDIRealm.createDirContext(JNDIRealm.java:2424)
> at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2392)
> at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1286)
> at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:195)
> at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:158)
> at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:195)
>
> in Apache Tomcat. Note the empty server name. I can confirm that the LDAP
> server is configured correctly and the certificate matches the hostname.
> Switching back to 8u265 makes it work again.
> I'm wondering if this is related to the various TLS changes in 8u272.
It might be. Does it work with JDK 11? Would you have a reproducer for
this issue?
Thanks,
Severin