RFR: 8245527: LDAP Channel Binding support for Java GSS/Kerberos

Alexey Bakhtin abakhtin at openjdk.java.net
Tue Sep 22 15:20:07 UTC 2020


On Tue, 22 Sep 2020 14:47:35 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Hi,
>> 
>> Please review the JDK-8245527 fix, which implements LDAP Channel Binding support for Java GSS/Kerberos.
>> Initial review is available at core-devs: https://mail.openjdk.java.net/pipermail/core-libs-dev/2020-August/068197.html
>> This version removes "tls-unique" CB type from the list of possible channel binding types. The only supported type is
>> "tls-server-end-point"
>> CSR is also updated : https://bugs.openjdk.java.net/browse/JDK-8247311
>> 
>> Thank you
>> Alexey
>
> src/java.naming/share/classes/com/sun/jndi/ldap/sasl/TlsChannelBinding.java line 63:
> 
>> 61:          * Channel binding on the basis of TLS Finished message
>> 62:          */
>> 63:         TLS_UNIQUE("tls-unique"),
> 
> Is that still used? If not maybe it should be removed?

No, it is not used.
However, I'd like to leave it as is (it is mentioned in the documentation as an unsupported value).
Otherwise, the TlsChannelBindingType enum will have one element only and should be simplified/removed in all places. In
this case, it would be double work to add the TlsChannelBindingType enum back in the future if "tls-unique" is required. If
required, I can remove the TLS_UNIQUE item, but not remove the TlsChannelBindingType enum.

-------------

PR: https://git.openjdk.java.net/jdk/pull/278

