RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v6]

Hai-May Chao hchao at openjdk.org
Wed Oct 25 18:35:37 UTC 2023


On Wed, 18 Oct 2023 00:25:02 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
>
> Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
> 
>  - Merge
>  - Override the client/server defaults
>  - Change made to configure max allowed cert chain lengths based on updated CSR
>  - Merge
>  - Set to default if a negative value is set
>  - 8311596: Add separate system properties for TLS server and client for maximum chain length

It sounds good to me that the word "Accepted" is replaced with "Inbound". It should clear up the confusion, I think. Thanks for the suggestion.

So how about changing the property names from:
`jdk.tls.maxServerCertificateChainLength` --> `jdk.tls.client.maxInboundCertificateChainLength`
`jdk.tls.maxClientCertificateChainLength` --> `jdk.tls.server.maxInboundCertificateChainLength`

-------------

PR Comment: https://git.openjdk.org/jdk/pull/15163#issuecomment-1779834440


