Bug 1897452
| Summary: | SSLPeerUnverifiedException with LDAP+StartTLS on OpenJDK 1.8.0_272 | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Hisanobu Okuda <hokuda> | |
| Component: | java-1.8.0-openjdk | Assignee: | Andrew John Hughes <ahughes> | |
| Status: | CLOSED DUPLICATE | QA Contact: | OpenJDK QA <java-qa> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.2 | CC: | ahughes, aogburn, joe.madden, jvanek, lkonno | |
| Target Milestone: | rc | |||
| Target Release: | 8.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | java-1.8.0-openjdk-1.8.0.275.b01-1.el8_3 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1897454 (view as bug list) | Environment: | ||
| Last Closed: | 2021-03-18 17:30:37 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1897454 | |||
Added myself to the CC List as i'm currently hitting this issue and would like a notification of the fix. This was resolved in the 8u275 respin in November 2020, shipping in RHEL 8.3 in mid-December 2020. *** This bug has been marked as a duplicate of bug 1895067 *** |
Description of problem: I updated OpenJDK from java-1.8.0-openjdk-1.8.0.265.b01-4.el8.x86_64 to java-1.8.0-openjdk-1.8.0.272.b10-3.el8_3.x86_64. Then my LDAP JNDI client code trhows the following exception: {code} javax.net.ssl|ALL|01|main|2020-11-13 13:00:19.543 JST|Logger.java:765|Invalidated session: Session(1605240019463|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate. at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:447) at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:225) at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:170) at sample.LdapClientStartTLS.search(LdapClientStartTLS.java:38) at sample.LdapClientStartTLS.main(LdapClientStartTLS.java:24) Caused by: java.security.cert.CertificateException: Illegal given domain name: at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:207) at sun.security.util.HostnameChecker.match(HostnameChecker.java:102) at sun.security.util.HostnameChecker.match(HostnameChecker.java:108) at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:426) ... 4 more Caused by: java.lang.IllegalArgumentException: Server name value of host_name cannot be empty at javax.net.ssl.SNIHostName.checkHostName(SNIHostName.java:314) at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:108) at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:205) ... 7 more {code} The same issue is reported in https://bugs.openjdk.java.net/browse/JDK-8214440, and the fix is provided in https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/10149d2837c2. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: