RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v4]
Weijun Wang
weijun at openjdk.org
Fri Oct 13 19:02:11 UTC 2023
On Fri, 13 Oct 2023 16:04:48 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Change made to configure max allowed cert chain lengths based on updated CSR
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 173:
> 171: */
> 172: if (maxCertificateChainLength > 0) {
> 173: if (clientLen == 8) {
If the user sets "jdk.tls.maxClientCertificateChainLength" precisely to 8 and you will ignore it?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358706510
More information about the security-dev
mailing list