RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v7]
Hai-May Chao
hchao at openjdk.org
Mon Oct 30 22:01:03 UTC 2023
On Fri, 27 Oct 2023 20:22:05 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This belongs to the `if (inboundClientLen == null || inboundClientLen < 0)` side. The else side stays the same.
>
> Precisely, it's
>
> if (inboundServerLen == null || inboundServerLen < 0) {
> maxInboundClientCertChainLen = globalPropSet ? maxCertificateChainLength : 8;;
> } else {
> maxInboundClientCertChainLen = inboundServerLen;
> }
>
> and nothing else is needed.
Updated as suggested. Changed code to:
if (inboundServerLen == null || inboundServerLen < 0) {
maxInboundServerCertChainLen = globalPropSet ? maxCertificateChainLength : 10;
} else {
maxInboundServerCertChainLen = inboundServerLen;
}
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1376841191
More information about the security-dev
mailing list