RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v8]
Sean Mullan
mullan at openjdk.org
Mon Oct 30 14:17:36 UTC 2023
On Fri, 27 Oct 2023 20:17:15 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Change maxCertificateChainLength to be a local variable
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 178:
>
>> 176: * the jdk.tls.maxCertificateChainLength property will not override
>> 177: * the values.
>> 178: */
>
> English is not my native language, but I have some comment on the wording. Normally we don't say `maxCertificateChainLength` overrides `maxInboundCertificateChainLength`. In fact, it is `maxInboundCertificateChainLength` that _overrides_ `maxCertificateChainLength`. When `maxInboundCertificateChainLength` is not set, it _fallbacks_ to `maxCertificateChainLength` (if set) or a _default_ value (8).
I agree that wording is more clear. We should also update the RN with that wording.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1376291645
More information about the security-dev
mailing list