RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]
Weijun Wang
weijun at openjdk.java.net
Mon Jan 24 19:13:11 UTC 2022
On Mon, 24 Jan 2022 15:54:01 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/TlsChannelBinding.java line 100:
>>
>>> (failed to retrieve contents of file, check the PR for context)
>> I think this method should stay here. Suppose one day the CBT type is configurable for HTTPS we'll have to get it back. Of course we will need to update the message to avoid talking about LDAP.
>
> So, where should the two constant Strings go? It doesn't feel like they belong in java.base since they are JNDI/SASL related, and we can't have a method in `java.base` depending on code in other modules?
The 2 strings should be on the LDAP side. This method does not really depend on the strings except for mentioning one in the exception message. We can just rewrite it into `"Illegal channel binding type: " + cbType`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7065
More information about the core-libs-dev
mailing list