On Tue, 22 Sep 2020 14:47:35 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
>> Hi, >> >> Plaese review JDK-8245527 fix which implements LDAP Channel Binding support >> for Java GSS/Kerberos. >> Initial review is available at core-devs: >> https://mail.openjdk.java.net/pipermail/core-libs-dev/2020-August/068197.html >> This version removes "tls-unique" CB type from the list of possible channel >> binding types. The only supported type is >> "tls-server-end-point" >> CSR is also updated : https://bugs.openjdk.java.net/browse/JDK-8247311 >> >> Thank you >> Alexey > > src/java.naming/share/classes/com/sun/jndi/ldap/sasl/TlsChannelBinding.java > line 63: > >> 61: * Channel binding on the basis of TLS Finished message >> 62: */ >> 63: TLS_UNIQUE("tls-unique"), > > Is that still used? If not maybe it should be removed? No, It is not used. However, I'd like to leave it as is (it is mentioned in the documentation as unsupported value). Otherwise, TlsChannelBindingType enum will have one element only and should be simplified/removed in all places. In this case, it would be double work to add TlsChannelBindingType enum back in the future if "tls-unique" required. If required I can remove TLS_UNIQUE item, but not remove TlsChannelBindingType enum ------------- PR: https://git.openjdk.java.net/jdk/pull/278
