RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length
Mark Powers
mpowers at openjdk.org
Mon Aug 7 15:51:35 UTC 2023
On Fri, 4 Aug 2023 17:30:06 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
All of the other changes look fine to me.
Does this need a test?
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 115:
> 113: "jdk.tls.maxCertificateChainLength", 10);
> 114:
> 115: // Limit the maximum certificate chain length accepted from clients
Should these be moved to after line 89?
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 150:
> 148: */
> 149: static {
> 150: Integer clientLen = GetIntegerAction.privilegedGetProperty(
I think you could call `privilegedGetProperty` with the default value as second argument.
-------------
PR Review: https://git.openjdk.org/jdk/pull/15163#pullrequestreview-1565630479
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1286053347
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1286074504
More information about the security-dev
mailing list