RFR: 8245527: LDAP Channel Binding support for Java GSS/Kerberos [v2]

[Alexey Bakhtin]

On Tue, 22 Sep 2020 15:36:24 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> No, It is not used.
>> However, I'd like to leave it as is (it is mentioned in the documentation as unsupported value).
>> Otherwise, TlsChannelBindingType enum will have one element only and should be simplified/removed in all places. In
>> this case, it would be double work to add TlsChannelBindingType enum back in the future if "tls-unique" required. If
>> required I can remove TLS_UNIQUE item, but not remove TlsChannelBindingType enum
>
> I was suggesting to keep TlsChannelBindingType but remove TLS_UNIQUE; However, I'm OK to keep things as is: this is an
> internal API. I wonder if it would deserve a comment:
>         /**
>          * Channel binding on the basis of TLS Finished message
>          */
>         // TLS_UNIQUE is defined by RFC 5929 but is not supported by the current LDAP stack.
>         TLS_UNIQUE("tls-unique"),

Thank you. Added suggested comment.

-------------

PR: https://git.openjdk.java.net/jdk/pull/278