Details
- Bug
- Resolution: Fixed
- P4
- None
- b07
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8290168 | 15.0.9 | Yuri Nesterenko | P4 | Resolved | Fixed | b01 |
JDK-8262302 | 13.0.7 | Alexey Bakhtin | P4 | Resolved | Fixed | b03 |
JDK-8268754 | 11.0.14-oracle | Evan Whelan | P4 | Resolved | Fixed | b03 |
JDK-8262736 | 11.0.11 | Alexey Bakhtin | P4 | Resolved | Fixed | b05 |
Description
However, this does not work if the LDAP StartTLS extension is used. Code may connect to Active Directory anonymously to read the rootDSE and then switch to TLS before authenticating.
The server certificate available in the SSLSession returned from StartTlsResponse.negotiate() can be used to determine the channel binding data.
Issue Links
- backported by
  - JDK-8262302 LDAP channel binding does not work with StartTLS extension (Resolved)
  - JDK-8262736 LDAP channel binding does not work with StartTLS extension (Resolved)
  - JDK-8268754 LDAP channel binding does not work with StartTLS extension (Resolved)
  - JDK-8290168 LDAP channel binding does not work with StartTLS extension (Resolved)
- relates to
  - JDK-8245527 LDAP Channel Binding support for Java GSS/Kerberos (Resolved)
- links to
  - Commit openjdk/jdk13u-dev/a71cc1db
  - Commit openjdk/jdk15u-dev/3d8ec309
  - Commit openjdk/jdk/874aef4a
  - Review openjdk/jdk13u-dev/131
  - Review openjdk/jdk15u-dev/229
  - Review openjdk/jdk/2085