[ https://issues.jboss.org/browse/ELY-283?page=com.atlassian.jira.plugin.sy... ] Jan Kalina commented on ELY-283: -------------------------------- For needs of OpenJDK patch review I has prepared simple reproducer without AS: [^reproducer-gss.zip] {panel} Hi, I was just able to prepare usable reproducer (attaching in ZIP file) and fixing patch of JDK (attaching too). Before I was able to make my usecase working, I has found second issue too - I has included it too. Issues and their reproducing: *1) already described problem of wrong initialized SunNativeProvider.INSTANCE* This can be reproduced by recreating GSSManager before createGSSContext - ProviderList.factories will be initialized as part of initSecContext/acceptSecContext which will cause using wrong initialized SunNativeProvider.INSTANCE and described exception. *2) when channel binding is used SIGSEGV occure* This can be reproduced by setting channel binding without initAddr/acceptAddr. This is caused by sending uninitialized (with random length) cb->initiator_address from JDK to the kerberos. (It is used by krb library for messages checksum calculation even when addrtype is GSS_C_AF_NULLADDR.) Attached reproducer-gss.zip reproduces both issues and attached patch fixes both. I would welcome merging into OpenJDK. (I am covered by OCA of Red Hat) This issue affect both tested JDKs, JKD8u121 and upstream JDK9 from mercurial master. Thanks, Jan {panel} -- This message was sent by Atlassian JIRA (v7.5.0#75005)