RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]
Weijun Wang
weijun at openjdk.org
Fri Oct 27 20:12:50 UTC 2023
On Thu, 26 Oct 2023 20:44:45 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Change property names to clearly indicate client side and server side
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 154:
> 152: globalPropSet = true;
> 153: }
> 154: maxCertificateChainLength = certLen;
There is no need to set `certLen` or `maxCertificateChainLength` when `globalPropSet` is false.
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 160:
> 158: "jdk.tls.server.maxInboundCertificateChainLength");
> 159: if (inboundClientLen == null || inboundClientLen < 0) {
> 160: inboundClientLen = 8;
The logic is a little too long for me to digest. I wonder if we can just rewrite the line above to

    inboundClientLen = globalPropSet ? maxCertificateChainLength : 8;

then there is no need for `serverPropSet` and `clientPropSet`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375001797
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375000423