RFR: 8362268 : NPE thrown from SASL GSSAPI impl when TLS is used with QOP auth-int against Active Directory

Michael Osipov duke at openjdk.org
Mon Aug 25 16:35:10 UTC 2025


On Fri, 22 Aug 2025 15:38:05 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> So, it seems we should NOT revert to the raw stream. We can either return earlier in `abandonRequest()` before the `write` call or the `write` should fail (which the current PR does). Of course, an exception with clear information is always better.

I agree that if the opposite side did close the connection without properly advertising it and we try to send a request and it fails, it should be clearly signalled to the user. `CommunicationException` or similar which is already used in the code base.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/26566#issuecomment-3214847488


More information about the security-dev mailing list