RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v8]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Nov 7 07:43:42 UTC 2023
On Mon, 6 Nov 2023 20:48:59 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> I think the wording of the comment is somewhat confusing because it is trying to explain the behavior of both properties together and the words "either" and "neither" may be hard to parse. I recommend separate comment blocks for each property. Here is a suggestion for the server side setting:
>>
>>
>> /*
>> * maxInboundClientCertChainLen is the maximum length of a client certificate
>> * chain accepted by a server. It is determined as follows:
>> * - If the jdk.tls.server.maxInboundCertificateChainLength system property
>> * is set and its value >= 0, it uses that value.
>> * - Otherwise, if the jdk.tls.maxCertificateChainLength system property is
>> * set and its value >= 0, it uses that value.
>> * - Otherwise it is set to a default value of 8.
>> */
>>
>>
>> The client side setting would be similar.
>
> Yes, I can place the comments in the code blocks for the server-side setting and client-side setting, respectively.
> @XueleiFan Any feedback before I'm making this comment change?
> I will also update the release note accordingly. Thanks!
I'm not sure if there is a clear reason to change the default value from 10 to 8. I'm fine if you want to keep using the value 10 for fewer compatibility issues. Otherwise, I have no more comments. Thanks!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1384494328
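The resolution order described in the quoted comment (side-specific property first, then the generic jdk.tls.maxCertificateChainLength, then a default), written out as a standalone Java example. This is an added illustration, not code from the PR or from the JDK: the class and method names are ours, the client-side property name jdk.tls.client.maxInboundCertificateChainLength is assumed by analogy with the server-side one shown in the thread, and the default is kept as a parameter because the thread discusses both 8 and 10.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added example (not JDK code): resolves the effective maximum inbound
// certificate chain length from the two system properties discussed in
// the thread, and shows the kind of check a server would apply to a
// received client chain before handing it to the trust manager.
public final class MaxChainLengthResolver {

    // Property names from the thread; the client-side one is assumed by
    // analogy ("the client side setting would be similar").
    static final String SERVER_PROP = "jdk.tls.server.maxInboundCertificateChainLength";
    static final String CLIENT_PROP = "jdk.tls.client.maxInboundCertificateChainLength";
    static final String GENERIC_PROP = "jdk.tls.maxCertificateChainLength";

    // Returns the parsed value if the property is set and >= 0, otherwise -1.
    // Unparseable or negative values are treated as "not set", so they fall
    // through to the next source instead of disabling the limit.
    static int parseNonNegative(String value) {
        if (value == null) {
            return -1;
        }
        try {
            int v = Integer.parseInt(value.trim());
            return v >= 0 ? v : -1;
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    // Side-specific property wins, then the generic one, then the default.
    static int resolve(String sideSpecificValue, String genericValue, int defaultValue) {
        int v = parseNonNegative(sideSpecificValue);
        if (v >= 0) {
            return v;
        }
        v = parseNonNegative(genericValue);
        if (v >= 0) {
            return v;
        }
        return defaultValue;
    }

    // Maximum length of a client certificate chain a server will accept.
    static int maxInboundClientCertChainLen(int defaultValue) {
        return resolve(System.getProperty(SERVER_PROP),
                       System.getProperty(GENERIC_PROP), defaultValue);
    }

    // Maximum length of a server certificate chain a client will accept.
    static int maxInboundServerCertChainLen(int defaultValue) {
        return resolve(System.getProperty(CLIENT_PROP),
                       System.getProperty(GENERIC_PROP), defaultValue);
    }

    // Reject an over-long chain before any path building or signature
    // verification is attempted; this is the check the limit exists to enforce.
    static void checkChainLength(X509Certificate[] chain, int maxLen)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        if (chain.length > maxLen) {
            throw new CertificateException("certificate chain length " + chain.length
                    + " exceeds the configured maximum of " + maxLen);
        }
    }

    public static void main(String[] args) {
        // Constructed demonstration of the precedence rules, set in-process.
        int defaultLen = 8;   // the value proposed in the PR; 10 is the previous default

        System.out.println("no properties set: server accepts up to "
                + maxInboundClientCertChainLen(defaultLen));

        System.setProperty(GENERIC_PROP, "6");
        System.out.println("generic=6: server accepts up to "
                + maxInboundClientCertChainLen(defaultLen)
                + ", client accepts up to " + maxInboundServerCertChainLen(defaultLen));

        System.setProperty(SERVER_PROP, "3");
        System.out.println("generic=6, server=3: server accepts up to "
                + maxInboundClientCertChainLen(defaultLen)
                + ", client still accepts up to " + maxInboundServerCertChainLen(defaultLen));

        System.setProperty(SERVER_PROP, "-1");
        System.out.println("server=-1 is ignored, falls back to generic: "
                + maxInboundClientCertChainLen(defaultLen));
    }
}
```

A negative or malformed value is deliberately treated as unset rather than as "no limit", so a misconfiguration can never widen the limit beyond what the next source in the order allows.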
More information about the security-dev mailing list