RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v2]

Daniel Jeliński djelinski at openjdk.java.net
Wed Apr 13 21:41:26 UTC 2022


On Wed, 13 Apr 2022 16:02:50 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Thanks @XueleiFan for the review!
>> If we do that, this will result in a behavior change for cases where `enabledX509DisabledAlgConstraints` = false; is that okay? Or should we set `enabledX509DisabledAlgConstraints` = true if `userSpecifiedConstraints == DEFAULT`?
>
> I think it is OK.  The enabledX509DisabledAlgConstraints should be specified with the withDefaultCertPathConstraints parameterm, and should not be overrode by the userSpecifiedConstraints.  I think it is a behavior that we'd like to correct.

updated the patch. Let me know if that's what you had in mind.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8199


More information about the security-dev mailing list