RFR 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth"

Xuelei Fan xuelei.fan at oracle.com
Tue Jan 3 22:56:34 UTC 2017


Would you mind add a comment about this MUST-BE-ZERO behavior? 
Otherwise, looks fine to me.

Xuelei

On 1/2/2017 7:31 PM, Wang Weijun wrote:
> Ping again.
>
> On 12/22/2016 9:52 AM, Wang Weijun wrote:
>> Please take a review at
>>
>> http://cr.openjdk.java.net/~weijun/8170732/webrev.00/
>>
>> According to https://tools.ietf.org/html/rfc4752#section-3.1:
>>
>> The client then constructs data, with the first octet containing the
>> bit-mask specifying the selected security layer, the second through
>> fourth octets containing in network byte order the maximum size
>> output_message the client is able to receive (which MUST be 0 if the
>> client does not support any security layer),
>>
>> A test is modified to check this case. Please note that when there is
>> no security layer, you cannot call wrap/unwrap anymore.
>>
>> Thanks Max
>>


More information about the security-dev mailing list