On Fri, 13 Oct 2023 18:59:44 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Change made to configure max allowed cert chain lengths based on updated
>> CSR
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 173:
>
>> 171: */
>> 172: if (maxCertificateChainLength > 0) {
>> 173: if (clientLen == 8) {
>
> If the user sets "jdk.tls.maxClientCertificateChainLength" precisely to 8 and
> you will ignore it?
Since 8 is the default for "jdk.tls.maxClientCertificateChainLength", it is
going to be overridden when "jdk.tls.maxCertificateChainLength" is set. Setting
"jdk.tls.maxClientCertificateChainLength" to 8 is treated as keeping the
original default like no-op.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358734387
