RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v4]

Weijun Wang weijun at openjdk.org
Fri Oct 13 19:02:11 UTC 2023


On Fri, 13 Oct 2023 16:04:48 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Change made to configure max allowed cert chain lengths based on updated CSR

src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 173:

> 171:          */
> 172:         if (maxCertificateChainLength > 0) {
> 173:             if (clientLen == 8) {

If the user sets "jdk.tls.maxClientCertificateChainLength" precisely to 8 and you will ignore it?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358706510


More information about the security-dev mailing list