RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]
Sean Mullan
mullan at openjdk.org
Fri Oct 27 20:21:34 UTC 2023
On Fri, 27 Oct 2023 20:07:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Change property names to clearly indicate client side and server side
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 160:
>
>> 158: "jdk.tls.server.maxInboundCertificateChainLength");
>> 159: if (inboundClientLen == null || inboundClientLen < 0) {
>> 160: inboundClientLen = 8;
>
> The logic is little too long for me to digest. I wonder if we can just rewrite the line above to
>
> inboundClientLen = globalPropSet ? maxCertificateChainLength : 8;
>
> then there is no need for `serverPropSet` and `clientPropSet`.
Hmm, but how does this work? The inbound properties override the global property if both are set.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375007615
More information about the security-dev
mailing list