Am 2020-05-24 um 01:38 schrieb Michael Osipov:
Am 2020-05-21 um 09:35 schrieb Alexey Bakhtin: ... What about introducing a UnspecEmptyInetAddress() which gives the proper AF type, but #getAddress() would return null? This should satisfy the requirements, InitialToken as well as the RFC. this of course needs to be properly passed to native providers too. GssKrb5Client would also need to know that this channel binding is explicitly for Active Directory and not some other, spec-compliant, SASL peer (property on LdapCtx?)
Giving this more thought. I believe you have also found a bug in InitialToken#getAddrType(InetAddress). It would return CHANNEL_BINDING_AF_NULL_ADDR if addr is neither Inet6 nor Inet6, but is not null which is wrong. But this is just a hypothetical case. M