RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]
Weijun Wang
weijun at openjdk.org
Fri Oct 27 20:21:35 UTC 2023
On Fri, 27 Oct 2023 20:15:41 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 160:
>>
>>> 158: "jdk.tls.server.maxInboundCertificateChainLength");
>>> 159: if (inboundClientLen == null || inboundClientLen < 0) {
>>> 160: inboundClientLen = 8;
>>
>> The logic is a little too long for me to digest. I wonder if we can just rewrite the line above to
>>
>> inboundClientLen = globalPropSet ? maxCertificateChainLength : 8;
>>
>> then there is no need for `serverPropSet` and `clientPropSet`.
>
> Hmm, but how does this work? The inbound properties override the global property if both are set.
This belongs to the `if (inboundClientLen == null || inboundClientLen < 0)` side. The else side stays the same.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375009903