On Wed, 20 Jan 2021 15:34:24 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
> New ChannelBinding Data will be recreated for every TLS connection and
> provided to SASL Client in the new environment properties set (cloned from
> the original).
> LdapSasl.java lines 133 - 136:
>
> ```
> TlsChannelBinding tlsCB =
>     TlsChannelBinding.create(cert);
> envProps = (Hashtable<String, Object>) env.clone();
> ```

Hi Alexey,

Aleksei and I have a concern because this code uses a `cert` that is obtained from a CompletableFuture, and the completable future can be completed only once. The second time around - you will therefore find the same `cert` that was set when the first StartTLSResponse was negotiated. This may - or may not matter - depending on whether the `cert` certificate returned by the server the second time around should be the same - or not.

Could you test this scenario? It may be that it's a niche scenario that makes no sense or that we don't want to support - I'm not sure how STARTTLS is used in the wild. Do you have any insights on this?

best regards,

-- daniel

-------------

PR: https://git.openjdk.java.net/jdk/pull/2085
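
The complete-once behaviour raised in the message above, as an added example that is not part of the original message and is not JDK code: a second handshake cannot replace the value held by an already completed CompletableFuture, so binding data derived from it still reflects the first certificate. The class, field and method names are hypothetical, the certificates are constructed byte strings, and the SHA-256 digest is only a stand-in for whatever `TlsChannelBinding.create(cert)` computes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.concurrent.CompletableFuture;

// Added illustration only: class, field and method names are hypothetical,
// and the "certificates" are constructed byte strings, not real X.509 data.
public class StaleCertDemo {
    // Stand-in for a per-connection future that the TLS handshake completes.
    static CompletableFuture<byte[]> serverCert = new CompletableFuture<>();

    // Simulated handshake-completed callback; returns what complete() returns.
    static boolean onHandshake(byte[] cert) {
        return serverCert.complete(cert); // false once the future already holds a value
    }

    // Stand-in for binding data derived from the certificate (here: a SHA-256 digest).
    static String bindingOf(byte[] cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert);
        return Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        byte[] certA = "constructed-cert-A".getBytes(StandardCharsets.UTF_8);
        byte[] certB = "constructed-cert-B".getBytes(StandardCharsets.UTF_8);

        // First StartTLS negotiation: the future is completed with certA.
        System.out.println("1st complete() accepted: " + onHandshake(certA));
        String first = bindingOf(serverCert.get());

        // Second negotiation, same future: complete() is a no-op, certB is dropped.
        System.out.println("2nd complete() accepted: " + onHandshake(certB));
        String second = bindingOf(serverCert.get());
        System.out.println("binding still from certA: " + second.equals(first));
        System.out.println("binding matches certB:    " + second.equals(bindingOf(certB)));

        // One possible approach (an assumption, not the PR's resolution):
        // install a fresh future before each negotiation.
        serverCert = new CompletableFuture<>();
        System.out.println("complete() after reset:   " + onHandshake(certB));
        System.out.println("binding matches certB:    "
                + bindingOf(serverCert.get()).equals(bindingOf(certB)));
    }
}
```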