RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v3]

Michael McMahon michaelm at openjdk.java.net
Fri Jan 21 13:41:54 UTC 2022


On Thu, 20 Jan 2022 11:04:18 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   removed sasl module dependency and added SaslException cause
>
> src/java.base/share/classes/java/net/doc-files/net-properties.html line 220:
> 
>> 218: 	This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos 
>> 219:         or the Negotiate authentication scheme using Kerberos are employed over HTTPS with 
>> 220:         {@code HttpURLConnection}. There are three possible settings:</P>
> 
> Should it be `{@code HttpsURLConnection}`?
> (BTW - can we use {@code } here ? Would be worth checking the generated doc)

Right, HttpsURLConnection is better. {@code} works here.

> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 189:
> 
>> 187:         } else {
>> 188:             logError("Unexpected value for \"jdk.https.negotiate.cbt\" system property");
>> 189:             return s;
> 
> Should this return either "always" or "never" instead? It seems that junk values will be treated as "always". It would be better to make it clear here.

It was being handled elsewhere as "never". But, I agree it would be clearer to normalise it to "never" here.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7065
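
The normalisation discussed in this message, as an added example that is not the JDK's own code and not part of the original mail: every unrecognised value of `jdk.https.negotiate.cbt` is mapped to "never" in one place, so no caller has to interpret junk input. The class and method names are hypothetical, and the `domain:<list>` form of the third setting comes from the JDK networking properties documentation rather than from this thread.

```java
// Added example: hypothetical helper, not the JDK's HttpClient code.
public final class CbtSetting {
    static final String PROP = "jdk.https.negotiate.cbt";
    private static final String DOMAIN_PREFIX = "domain:";

    private CbtSetting() {}

    /**
     * Returns "never", "always" or "domain:<list>". Anything else, including
     * null, an empty string and an empty domain list, becomes "never", so
     * callers never have to decide what an unknown value means.
     */
    static String normalize(String raw) {
        if (raw == null || raw.isEmpty()) {
            return "never";                       // unset: treated as "never"
        }
        // Exact, case-sensitive matching is a choice made for this example.
        if (raw.equals("never") || raw.equals("always")) {
            return raw;
        }
        if (raw.startsWith(DOMAIN_PREFIX)
                && !raw.substring(DOMAIN_PREFIX.length()).isBlank()) {
            return raw;
        }
        System.err.println("Unexpected value for \"" + PROP
                + "\" system property, using \"never\"");
        return "never";
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String[] samples = {
            null, "", "never", "always", "domain:*.example.com,host1",
            "Always", "domain:", "yes"
        };
        for (String s : samples) {
            System.out.println(String.valueOf(s) + " -> " + normalize(s));
        }
        // Value actually configured for this JVM, if any.
        System.out.println(PROP + " -> " + normalize(System.getProperty(PROP)));
    }
}
```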

