On Fri, 20 Oct 2023 17:19:52 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> Hai-May Chao has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains six additional >> commits since the last revision: >> >> - Merge >> - Override the client/server defaults >> - Change made to configure max allowed cert chain lengths based on updated >> CSR >> - Merge >> - Set to default if a negative value is set >> - 8311596: Add separate system properties for TLS server and client for >> maximum chain length > > I was wondering, if it is easier to learn and remember/search by following > the naming style "jdk.tls.client.XXX" or "jdk.tls.server.XXX" in SunJSSE > provider? @XueleiFan The current properties named` jdk.tls.client.*` and `jdk.tls.server.*` apply to settings either on the client or the server, so we'd have to rename the properties here. My suggestion is to: - Change `jdk.tls.maxServerCertificateChainLength` to `jdk.tls.client.maxAcceptedCertificateChainLength` - Change `jdk.tls.maxClientCertificateChainLength` to `jdk.tls.server.maxAcceptedCertificateChainLength` Thanks! ------------- PR Comment: https://git.openjdk.org/jdk/pull/15163#issuecomment-1777609067
