LDAP/TLS regression in 8u272

Severin Gehwolf sgehwolf at redhat.com
Fri Oct 30 13:06:44 UTC 2020


Hi

On Thu, 2020-10-29 at 17:04 +0100, Thorsten Meinl wrote:
> Hi folks,
> 
> Not sure if this is the right place to report issues but I didn't find any 
> other place (Jira is not accessible for non-contributors).
> The 8u272 update has broken LDAP via TLS. Connection attempts fail with
> 
>  javax.naming.NamingException: hostname of the server '' does not match the hostname in the server's certificate.
>         at org.apache.catalina.realm.JNDIRealm.createTlsDirContext(JNDIRealm.java:2518)
>         at org.apache.catalina.realm.JNDIRealm.createDirContext(JNDIRealm.java:2424)
>         at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2392)
>         at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1286)
>         at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:195)
>         at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:158)
>         at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:195)
> 
> in Apache Tomcat. Note the empty server name. I can confirm that the LDAP 
> server is configured correctly and the certificate matches the hostname. 
> Switching back to 8u265 makes it work again.
> I'm wondering if this is related to the various TLS changes in 8u272.

It might be. Does it work with JDK 11? Would you have a reproducer for
this issue?

Thanks,
Severin


