On Fri, 13 Oct 2023 23:15:15 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> `jdk.tls.maxCertificateChainLength` will only override
>> `jdk.tls.maxClientCertificateChainLength` if
>> `jdk.tls.maxCertificateChainLength` is set AND
>> `jdk.tls.maxClientCertificateChainLength` is using the default. For the case
>> you provided here, `jdk.tls.maxClientCertificateChainLength` will be
>> overridden to be 4 which is set by `jdk.tls.maxCertificateChainLength`.
>
> That's not my understanding. Since `jdk.tls.maxClientCertificateChainLength`
> is explicitly set on the command line you should honor it.

Yes, I agree that if the application sets `jdk.tls.maxClientCertificateChainLength` or `jdk.tls.maxServerCertificateChainLength`, it should always take precedence even if the specified value is the same as the default. This would also preserve application behavior if one day we want to change the default to something else. You will need to first see if these properties are set before assigning the default value.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1360672720
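
The two precedence rules debated in this thread, side by side, as an added example (not code from the PR or from the JDK). The class and method names, the `DEFAULT_CLIENT` value, the fallback for malformed values and the sample property settings are assumptions of the example.

```java
import java.util.Properties;

public class ChainLimitPrecedence {
    static final String GENERIC = "jdk.tls.maxCertificateChainLength";
    static final String CLIENT = "jdk.tls.maxClientCertificateChainLength";
    // Placeholder default for this example only; the thread does not state the real one.
    static final int DEFAULT_CLIENT = 8;

    // Parse a positive integer, or return fallback when missing or malformed
    // (the fallback policy is this example's choice).
    static int parse(String value, int fallback) {
        if (value == null) return fallback;
        try {
            int n = Integer.parseInt(value.trim());
            return n > 0 ? n : fallback;
        } catch (NumberFormatException e) {
            return fallback;
        }
    }

    // Value-based rule objected to in the review: "equals the default" is
    // treated as "not set", so an explicitly set client limit can be overridden.
    static int byValue(Properties p) {
        int client = parse(p.getProperty(CLIENT), DEFAULT_CLIENT);
        String generic = p.getProperty(GENERIC);
        if (generic != null && client == DEFAULT_CLIENT) {
            return parse(generic, DEFAULT_CLIENT);
        }
        return client;
    }

    // Presence-based rule asked for in the review: check whether the specific
    // property is set before any default is assigned.
    static int byPresence(Properties p) {
        String specific = p.getProperty(CLIENT);
        if (specific != null) return parse(specific, DEFAULT_CLIENT);
        return parse(p.getProperty(GENERIC), DEFAULT_CLIENT);
    }

    public static void main(String[] args) {
        Properties p = new Properties(); // constructed input, stands in for -D flags
        p.setProperty(GENERIC, "4");
        p.setProperty(CLIENT, "8");      // explicitly set, happens to equal the placeholder default
        System.out.println("value-based rule:    " + byValue(p));
        System.out.println("presence-based rule: " + byPresence(p));
    }
}
```

With these settings the value-based rule lets the generic property replace the explicitly set client limit, while the presence-based rule keeps it, and would keep doing so if the default later changed.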