JDK-8257562 : ldapcertstore does not release connections to jndi pool for cleanup
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: javax.naming
  • Affected Version: 11
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2020-11-30
  • Updated: 2020-12-22
Description
A DESCRIPTION OF THE PROBLEM :
Similar to this bug here: https://bugs.openjdk.java.net/browse/JDK-8059009

The fix was incomplete. The issue is that LDAP servers may close idle LDAP connections, and the ldapcertstore fails on the subsequent search. When it fails, the "communication error" flag is set to true, so re-connection will happen on a third search. Idle connections could be cleaned up if connection pooling was enabled and the LDAP cert store closed the context. This doesn't happen, though: if JNDI pooling is on with an idle timeout, it never cleans the connection in the ldapcertstore because it stays "busy". Alternatively, forcing a reconnect after some timeout in the ldapcertstoreimpl would also fix this issue.

No good workaround has been found so far. Creating fresh certstores doesn't work because the LDAP cert stores are cached.
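The release-to-pool behaviour the report says is missing, shown in application code that talks to JNDI directly. This is an added example, not code from the JDK or from the reporter, and it does not change how LDAPCertStore behaves. The endpoint, DN and class name are placeholder assumptions; the JNDI property names are the LDAP provider's documented ones.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class PooledCrlLookup {
    static final String CRL_ATTR = "certificateRevocationList;binary";

    // Fetch one binary attribute over a pooled connection and release it afterwards.
    static byte[] fetch(String url, String dn, String attrId) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("com.sun.jndi.ldap.connect.pool", "true");  // use the JNDI connection pool
        env.put("com.sun.jndi.ldap.read.timeout", "5000");  // ms, avoid hanging on a dead peer
        DirContext ctx = new InitialDirContext(env);
        try {
            Attribute a = ctx.getAttributes(dn, new String[] { attrId }).get(attrId);
            return a == null ? null : (byte[]) a.get();
        } finally {
            // close() hands the connection back to the pool; only then is it "idle"
            // and eligible for removal after the pool timeout.
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Pool-wide settings are system properties; set them before the first LDAP context.
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "60000"); // idle ms
        // Placeholder endpoint and DN (assumptions); pass real ones as arguments.
        String url = args.length > 0 ? args[0] : "ldap://ldap.example.test:389";
        String dn = args.length > 1 ? args[1] : "cn=Example CA,dc=example,dc=test";
        try {
            byte[] der = fetch(url, dn, CRL_ATTR);
            if (der == null) { System.out.println("no CRL attribute on " + dn); return; }
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509")
                    .generateCRL(new ByteArrayInputStream(der));
            System.out.println("CRL issuer: " + crl.getIssuerX500Principal()
                    + ", next update: " + crl.getNextUpdate());
        } catch (NamingException e) {
            System.out.println("LDAP lookup failed: " + e);
        }
    }
}
```

The pool timeout only helps if it is shorter than the directory server's own idle-connection limit, which is deployment-specific.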



Comments
Moved to JDK for more considerations.
02-12-2020