On Mon, 7 Aug 2023 17:23:11 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Set to default if a negative value is set
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 159:
>
>> 157: maxServerCertificateChainLength = (serverLen != null) ?
>> 158: serverLen : maxCertificateChainLength;
>> 159: }
>
> I wonder if we should take the opportunity here with these new properties as
> well as `jdk.tls.maxCertificateChainLength` to also equate negative numbers
> (and maybe zero) to be the default. Right now only property values that fail
> the internal parseInt conversion will evaluate to `null` and would be
> assigned the default I think. But a negative value I think would be taken
> as-is from the property. Should a negative max cert chain length get set to
> the default? If so, it might also make sense to give a warning about the
> offending value and note that it is being set to the default (similar to what
> `GetPropertyAction.privilegedGetTimeoutProp()` does).
> If you think this is worthwhile, the CSR should probably be updated to
> reflect that also.

Change made to set to the default when a negative value is set for these system properties. Updated CSR for this.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1317760469