Bug 1897454

Summary: SSLPeerUnverifiedException with LDAP+StartTLS on OpenJDK 1.8.0_272
Product: Red Hat Enterprise Linux 7
Reporter: Hisanobu Okuda <hokuda>
Component: java-1.8.0-openjdk
Assignee: Andrew John Hughes <ahughes>
Status: CLOSED DUPLICATE
QA Contact: OpenJDK QA <java-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.9
CC: ahughes, java-qa, jvanek, rik.theys, vogt
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Clone Of: 1897452
Environment:
Last Closed: 2022-07-14 01:13:59 UTC
Type: ---
Bug Depends On: 1895067, 1897452    
Bug Blocks:    

Description Hisanobu Okuda 2020-11-13 06:03:52 UTC
+++ This bug was initially created as a clone of Bug #1897452 +++

Description of problem:
I updated OpenJDK from java-1.8.0-openjdk-1.8.0.265.b01-4.el8.x86_64 to java-1.8.0-openjdk-1.8.0.272.b10-3.el8_3.x86_64. Then my LDAP JNDI client code throws the following exception:

{code}
javax.net.ssl|ALL|01|main|2020-11-13 13:00:19.543 JST|Logger.java:765|Invalidated session:  Session(1605240019463|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate.
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:447)
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:225)
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:170)
        at sample.LdapClientStartTLS.search(LdapClientStartTLS.java:38)
        at sample.LdapClientStartTLS.main(LdapClientStartTLS.java:24)
Caused by: java.security.cert.CertificateException: Illegal given domain name: 
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:207)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:102)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:108)
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:426)
        ... 4 more
Caused by: java.lang.IllegalArgumentException: Server name value of host_name cannot be empty
        at javax.net.ssl.SNIHostName.checkHostName(SNIHostName.java:314)
        at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:108)
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:205)
        ... 7 more
{code}

The same issue is reported in https://bugs.openjdk.java.net/browse/JDK-8214440, and the fix is provided in https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/10149d2837c2.



Comment 4 Andrew John Hughes 2022-07-14 01:13:59 UTC

*** This bug has been marked as a duplicate of bug 1895067 ***

Comment 5 Andrew John Hughes 2022-07-14 01:16:32 UTC

*** This bug has been marked as a duplicate of bug 1895062 ***