RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v2]
Daniel Jeliński
djelinski at openjdk.java.net
Wed Apr 13 21:41:26 UTC 2022
On Wed, 13 Apr 2022 16:02:50 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Thanks @XueleiFan for the review!
>> If we do that, this will result in a behavior change for cases where `enabledX509DisabledAlgConstraints` = false; is that okay? Or should we set `enabledX509DisabledAlgConstraints` = true if `userSpecifiedConstraints == DEFAULT`?
>
> I think it is OK. The enabledX509DisabledAlgConstraints should be specified with the withDefaultCertPathConstraints parameterm, and should not be overrode by the userSpecifiedConstraints. I think it is a behavior that we'd like to correct.
updated the patch. Let me know if that's what you had in mind.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list