RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos

Weijun Wang weijun at openjdk.java.net
Sat Jan 15 00:30:28 UTC 2022


On Fri, 14 Jan 2022 18:42:08 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

>> src/java.security.jgss/share/classes/module-info.java line 36:
>> 
>>> 34: module java.security.jgss {
>>> 35:     requires java.naming;
>>> 36:     requires java.security.sasl;
>> 
>> Someone from security-dev should probably review this and validate that this is OK. I'm also a bit uncomfortable that we require a class from `com.sun.jndi.ldap.sasl` even though `java.naming` is already required by `java.security.jgss` - so maybe this is OK.
>
> Yes. I would like the security team to validate this.

I suggest moving the `TlsChannelBinding` class into `java.base/sun.security.util` since it's not only used by LDAP anymore. You might need to modify the types of exceptions thrown in the class and move the 2 final strings to some other class inside `java.security.sasl`.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7065

