[security-dev 01359]: Re: 6894643: Separate out dependency on Kerberos
Vincent Ryan
Vincent.Ryan at Sun.COM
Mon Nov 2 23:48:30 UTC 2009
Alan Bateman wrote:
> Vincent Ryan wrote:
>> Hello all,
>>
>> I'm proposing a further change that enables JSSE to work when Kerberos
>> is not
>> present at runtime:
>>
>> http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/
>>
>> (This continues the removal of static dependencies begun in CR 6885204.)
>>
>> Please comment.
>> Thanks.
>>
> This separation looks quite good.
>
> What would you think about moving sun.security.util.HostnameChecker into
> sun.security.ssl.HostnameChecker? It's only usage in the JNDI LDAP
> provider should be when using SSL.
Fine for LDAP but HostnameChecker is used by HTTPS too.
src/share/classes/sun/security/ssl/X509TrustManagerImpl.java
src/share/classes/sun/net/www/protocol/https/HttpsClient.java
src/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java
src/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java
>
> Minor comment on the new KerberosClientKeyExchange is that the indenting
> of the parameters to several months seems a bit strange (no big deal).
> Also, I assume that getImpl isn't really needed and that impl should be
> initialized as:
>
> impl = AccessController.doPrivileged(
> new PrivilegedAction<KerberosClientKeyExchange>() {
> public KerberosClientKeyExchange run() { .. .};
I've corrected that.
>
> Good to see a test included.
>
> -Alan.
More information about the security-dev
mailing list