Android runtime fails to start HTTPS due to javax.naming.ldap.LdapName dependency in org.eclipse.jetty.util.ssl.X509

[yang1318]

Jetty version(s)
9.4.51.v20230217

Jetty Environment
N/A (embedded Jetty on Android, not jetty-12 core/ee8/ee9/ee10/ee11)

HTTP version
HTTP/1.1

Java version/vendor (use: java -version)
Android Runtime (ART), Android 13

OS type/version
Android 13

Description
I found an Android compatibility issue when starting an embedded Jetty HTTPS server inside an Android app.

HTTP works, but enabling HTTPS fails during Jetty startup.

The failure happens because org.eclipse.jetty.util.ssl.X509 references javax.naming.ldap.LdapName, which is not available on the Android runtime.

Observed stack trace:

java.lang.NoClassDefFoundError: Failed resolution of: Ljavax/naming/ldap/LdapName;
at org.eclipse.jetty.util.ssl.X509.<init>(X509.java:104)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:345)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)

This causes HTTPS connector startup to fail before the server can accept TLS connections.

I understand Jetty 9 is EOL, but I wanted to report this compatibility issue for reference and ask whether this dependency is intentional, or whether a fallback approach without LdapName would be acceptable in a maintained branch.

How to reproduce?

1. Run an Android 13 app that starts an embedded Jetty 9.4.x server.
2. Configure HTTPS using SslContextFactory.Server, SslConnectionFactory, and ServerConnector.
3. Start the server.
4. Jetty fails during HTTPS initialization with NoClassDefFoundError for javax.naming.ldap.LdapName.

Example flow:

• Create Server
• Create HttpConfiguration with SecureRequestCustomizer
• Create SslContextFactory.Server
• Create ServerConnector with SslConnectionFactory(sslContextFactory, "http/1.1")
• Call server.start()

Result:
HTTPS startup fails with:

java.lang.NoClassDefFoundError: Failed resolution of: Ljavax/naming/ldap/LdapName;

Relevant stack trace:

java.lang.NoClassDefFoundError: Failed resolution of: Ljavax/naming/ldap/LdapName;
at org.eclipse.jetty.util.ssl.X509.<init>(X509.java:104)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:345)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)

Expected behavior:
Jetty should either avoid the hard dependency on javax.naming.ldap.LdapName in this path, or fail more gracefully on runtimes where JNDI is unavailable.

[sbordet]

Thanks for your interest, but Jetty 9.4.x is at EOL and won't receive public updates anymore.
We also do not accept public pull requests for changes to 9.4.x; this repository is now read-only.

You may contact Webtide for commercial support for Jetty 9.4.x.

The dependency is intentional and present also in recent Jetty versions, as we need to parse the distinguished name of a certificate, and this parsing is already done by JDK classes LdapName and Rdn, so we did not have to rewrite the parsing.

If you would like to contribute this parsing for Jetty 12.1.x will be great, but then you'll need Java 17 Android support.

My understanding of the Android support is that even if you solve this issue, there will be others that will pop up due to other incompatibilities between OpenJDK and Android.
I'd be happy to be wrong on this, so if you know better I'll be happy to know.