On Tue, 25 Jan 2022 12:47:26 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 150:
>>
>>> 148: * "domain:a,c.d,*.e.f" (sent to host a, or c.d or to the domain
>>> e.f and any of its subdomains). This is
>>> 149: * a comma separated list
On Tue, 25 Jan 2022 10:30:20 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
On Fri, 21 Jan 2022 15:51:10 GMT, Michael McMahon wrote:
>> `NamingException` has `setRootCause()`. Why not use that? I use that one too
>> and full stack is retained.
>
> Yes, I can do that. Though it will cause the existing LDAP channel binding
> test to fail which is checking for an empty ro
On Fri, 21 Jan 2022 13:35:53 GMT, Michael McMahon wrote:
>> src/java.naming/share/classes/com/sun/jndi/ldap/sasl/LdapSasl.java line 133:
>>
>>> 131:
>>> (String)env.get(TlsChannelBinding.CHANNEL_BINDING_TYPE));
>>> 132: } catch (ChannelBindingExce
On Thu, 20 Jan 2022 10:58:27 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
On Sat, 15 Jan 2022 00:23:31 GMT, Weijun Wang wrote:
>> Yes. I would like the security team to validate this.
>
> I suggest moving the `TlsChannelBinding` class into
> `java.base/sun.security.util` since it's not only used by LDAP anymore. It's
> not even restricted to GSS-API. According to
>