RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]

Weijun Wang weijun at openjdk.org
Fri Oct 27 20:12:50 UTC 2023


On Thu, 26 Oct 2023 20:44:45 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Change property names to clearly indicate client side and server side

src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 154:

> 152:             globalPropSet = true;
> 153:         }
> 154:         maxCertificateChainLength = certLen;

There is no need to set `certLen` or `maxCertificateChainLength` when `globalPropSet` is false.

src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 160:

> 158:                 "jdk.tls.server.maxInboundCertificateChainLength");
> 159:         if (inboundClientLen == null || inboundClientLen < 0) {
> 160:             inboundClientLen = 8;

The logic is a little too long for me to digest. I wonder if we can just rewrite the line above to

inboundClientLen = globalPropSet ? maxCertificateChainLength : 8;

then there is no need for `serverPropSet` and `clientPropSet`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375001797
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375000423

