<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<div dir="ltr">
<div id="id-2a951bac-ac0b-44ee-98b7-f8d9cabe626b" class="ms-outlook-mobile-reference-message">
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">LdapCtxt:</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">2568<span> </span><span> <span> </span></span>/**</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">2569<span> <span> </span></span>* Sets the read timeout value</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">2570<span> <span> </span></span>*/</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">2571<span> </span><span> <span> </span></span>private void setChannelBindingType(String cbTypeProp) {</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; min-height: 21.4px; caret-color: rgb(0, 0, 0)">
<span style="font-weight: bold; font-size: 17.94px"></span><br>
</p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">Not sure if that javadoc is the right one? And I also wonder if enforcing the timeout is needed, and if yes if it should be documented why. Was not obvious to me,</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; min-height: 21.4px; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px"></span><br>
</p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">what about having two type names (TlsChannelBindingType.TLS_SERVER_END_POINT and TlsChannelBindingType.TLS_SERVER_END_POINT_COMPAT?)</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; min-height: 21.4px; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px"></span><br>
</p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">This could be configured as a SASL property and it would add the benefit that you don't need the instance specific if in the gssstub native code if you instead have two different types values?</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; min-height: 21.4px; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px"></span><br>
</p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">Gruss</span></p>
<p style="margin: 0px; font-size: 17.9px; line-height: normal; caret-color: rgb(0, 0, 0)">
<span style="font-size: 17.94px">Bernd</span></p>
<br>
<hr style="display: inline-block; width: 98%; font-family: -webkit-standard; font-size: 12pt; color: rgb(0, 0, 0);" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif"><b>Von:</b> security-dev <security-dev-bounces@openjdk.java.net> im Auftrag von Alexey Bakhtin <alexey@azul.com><br>
<b>Gesendet:</b> Mittwoch, Mai 27, 2020 11:43 AM<br>
<b>An:</b> Valerie Peng<br>
<b>Cc:</b> security-dev@openjdk.java.net; core-libs-dev@openjdk.java.net; Thomas Maslen<br>
<b>Betreff:</b> Re: RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos
<div> </div>
</font></div>
Hello Valerie, Unfortunately, Windows LDAP server with LdapEnforceChannelBinding=2 does not accept GSS_C_AF_NULLADDR address type. This is exact reason of these changes. I� ve tried to fix inconsistency of address type value in the latest webrev: http://cr.openjdk.java.net/~abakhtin/8245527/webrev.v2/ </div>
</div>
</body>
</html>