RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v2]

Daniel Fuchs dfuchs at openjdk.java.net
Thu Apr 14 16:07:32 UTC 2022


On Thu, 14 Apr 2022 15:53:53 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> As of today, this method is never called with a `null` argument (`SSLConfiguration#userSpecifiedAlgorithmConstraints` is initialized to `DEFAULT` and cannot be reset to `null`), but I can add a null check for future-proofing.
>
> I know. But if the null condition is not added, a code reader may have to search for its usage and make sure null is not passed. If the usages are in the same class, I may not add the check. Otherwise, an additional check might save time in the future.

In such cases `assert xxx != null;` could be used to tell the reader that `null` is not an expected value. But then you need to be absolutely sure that `null` can never reach here when in production.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8199
