RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]

Sean Mullan mullan at openjdk.org
Fri Oct 27 20:21:34 UTC 2023


On Fri, 27 Oct 2023 20:07:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Change property names to clearly indicate client side and server side
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 160:
> 
>> 158:                 "jdk.tls.server.maxInboundCertificateChainLength");
>> 159:         if (inboundClientLen == null || inboundClientLen < 0) {
>> 160:             inboundClientLen = 8;
> 
> The logic is little too long for me to digest. I wonder if we can just rewrite the line above to
> 
> inboundClientLen = globalPropSet ? maxCertificateChainLength : 8;
> 
> then there is no need for `serverPropSet` and `clientPropSet`.

Hmm, but how does this work? The inbound properties override the global property if both are set.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375007615


More information about the security-dev mailing list