RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Apr 13 16:06:23 UTC 2022
On Wed, 13 Apr 2022 07:50:55 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 72:
>>
>>> 70: }
>>> 71:
>>> 72: static AlgorithmConstraints wrap(AlgorithmConstraints userSpecifiedConstraints) {
>>
>> I may update all of the constructors so that the accumulation of the reference of userSpecifiedConstraints could be avoided further.
>>
>>
>> - this.userSpecifiedConstraints = userSpecifiedConstraints;
>> + this.userSpecifiedConstraints = userSpecifiedConstraints == DEFAULT ?
>> + null : userSpecifiedConstraints;
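Review bot: the added `userSpecifiedConstraints == DEFAULT` test is a reference comparison, so only the DEFAULT instance itself is stored as null; any other object carrying the same constraints is still kept in the field. If that is the intent, a short comment on the assignment saying that DEFAULT is deliberately stored as null would make it explicit. Because the field can now hold null when a non-null argument was passed, each place that reads this.userSpecifiedConstraints should be checked for null handling, and the same normalisation should be applied consistently across all constructors rather than in this one assignment only.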
>>
>>
>>
>> Similar update could be placed in the getUserSpecifiedConstraints() implementation.
>
> Thanks @XueleiFan for the review!
> If we do that, this will result in a behavior change for cases where `enabledX509DisabledAlgConstraints` = false; is that okay? Or should we set `enabledX509DisabledAlgConstraints` = true if `userSpecifiedConstraints == DEFAULT`?
I think it is OK. The enabledX509DisabledAlgConstraints should be specified with the withDefaultCertPathConstraints parameter, and should not be overridden by the userSpecifiedConstraints. I think it is a behavior that we'd like to correct.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8199