RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v4]
Mark Powers
mpowers at openjdk.org
Fri Oct 13 18:05:10 UTC 2023
On Fri, 13 Oct 2023 16:04:48 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Change made to configure max allowed cert chain lengths based on updated CSR
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 117:
> 115: static final int maxClientCertificateChainLength;
> 116:
> 117: // Limit the maximum certificate chain length accepted from servers
I would drop "maximum" and just say "Limit the certificate chain length accepted from servers". It's not worth making this change unless you have to make another change to this file.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358639542
More information about the security-dev
mailing list