Package: openjdk-8-jre Version: 8u272-b10-0+deb9u1 On a Debian Stretch, we use the software lsc (https://lsc-project.org/doku.php) to synchronize a Samba 4 AD DC database with a OpenLDAP database. This sotfware use Java.
This morning, we updated our servers, including openjdk-8-jre and openjdk-8-jre-headless to the version 8u272-b10-0+deb9u1). Since, lsc couldn't connect anymore to our Samba 4 AD DC : oct. 26 12:15:38 - INFO - Connecting to LDAP server ldap://<our_AD.my_compagny.fr:389/dc=ad,dc=my_compagny,dc=fr as cn=exploit,cn=Users,dc=ad,dc=my_compagny,dc=fr with STARTTLS extended operation oct. 26 12:15:41 - ERROR - Error starting TLS encryption on connection to ldap://<our_AD.my_compagny.fr:389/dc=ad,dc=my_compagny,dc=fr oct. 26 12:15:41 - ERROR - Error opening the LDAP connection to the destination! (javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate.) oct. 26 12:15:41 - ERROR - org.lsc.exception.LscConfigurationException: Configuration exception: javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate. We have downgraded the packages with apt-get install openjdk-8-jre-headless=8u252-b09-1~deb9u1 openjdk-8-jre=8u272-b10-0+deb9u1 . Since, lsc works. The line " hostname of the server '' " (note the empty string) in the error message puzzles me. I think there is a bug in openjdk-8-jre package since the 8u272-b10-0+deb9u1 version. Regards.
