RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]
Weijun Wang
weijun at openjdk.org
Fri Oct 27 20:27:33 UTC 2023
On Fri, 27 Oct 2023 20:19:01 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hmm, but how does this work? The inbound properties override the global property if both are set.
>
> This belongs to the `if (inboundClientLen == null || inboundClientLen < 0)` side. The else side stays the same.
Precisely, it's
if (inboundServerLen == null || inboundServerLen < 0) {
maxInboundClientCertChainLen = globalPropSet ? maxCertificateChainLength : 8;;
} else {
maxInboundClientCertChainLen = inboundServerLen;
}
and nothing else is needed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1375011896
More information about the security-dev
mailing list