RFR: 8245527: LDAP Channel Binding support for Java GSS/Kerberos

Michael Osipov 1983-01-06 at gmx.net
Sun May 24 09:00:36 UTC 2020


On 2020-05-24 at 01:38, Michael Osipov wrote:
> On 2020-05-21 at 09:35, Alexey Bakhtin wrote:
> ...
> What about introducing a UnspecEmptyInetAddress() which gives the proper
> AF type, but #getAddress() would return null? This should satisfy the
> requirements, InitialToken as well as the RFC. This of course needs to
> be properly passed to native providers too. GssKrb5Client would also
> need to know that this channel binding is explicitly for Active
> Directory and not some other, spec-compliant, SASL peer (property on
> LdapCtx?)

Giving this more thought. I believe you have also found a bug in
InitialToken#getAddrType(InetAddress). It would return
CHANNEL_BINDING_AF_NULL_ADDR if addr is neither Inet6 nor Inet6, but is
not null, which is wrong. But this is just a hypothetical case.

M