RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v6]
Kevin Driver
kdriver at openjdk.org
Fri Oct 20 18:42:34 UTC 2023
On Mon, 7 Aug 2023 15:48:08 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
>>
>> - Merge
>> - Override the client/server defaults
>> - Change made to configure max allowed cert chain lengths based on updated CSR
>> - Merge
>> - Set to default if a negative value is set
>> - 8311596: Add separate system properties for TLS server and client for maximum chain length
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 150:
>
>> 148: */
>> 149: static {
>> 150: Integer clientLen = GetIntegerAction.privilegedGetProperty(
>
> I think you could call `privilegedGetProperty` with the default value as second argument.
If I'm looking at the latest version, I don't see @mcpowers suggestion implemented. He's suggesting using the method with this signature:
public static String privilegedGetProperty(String theProp, String defaultVal)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1367380332
More information about the security-dev
mailing list