On Fri, 13 Oct 2023 22:57:25 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> If I understand correctly, "jdk.tls.maxClientCertificateChainLength" is >> meant to override "jdk.tls.maxClientCertificateChainLength" if both are >> defined. Then what would happen if user has specified >> `-Djdk.tls.maxClientCertificateChainLength=8 >> -Djdk.tls.maxCertificateChainLength=4`? > > `jdk.tls.maxCertificateChainLength` will only override > `jdk.tls.maxClientCertificateChainLength` if > `jdk.tls.maxCertificateChainLength` is set AND > `jdk.tls.maxClientCertificateChainLength` is using the default. For the case > your provided here, `jdk.tls.maxClientCertificateChainLength` will be > overridden to be 4 which is set by `jdk.tls.maxCertificateChainLength`. That's not my understanding. Since `jdk.tls.maxClientCertificateChainLength` is explicitly set on the command line you should honor it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358952446
