On Wed, 1 Nov 2023 14:13:32 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> When no system property is set, previously max inbound length is 10, now >> it's 8. > > I think the wording of the comment is somewhat confusing because it is trying > to explain the behavior of both properties together and the words "either" > and "neither" may be hard to parse. I recommend separate comment blocks for > each property. Here is a suggestion for the server side setting: > > > /* > * maxInboundClientCertChainLen is the maximum length of a client certificate > * chain accepted by a server. It is determined as follows: > * - If the jdk.tls.server.maxInboundCertificateChainLength system property > * is set and its value >= 0, it uses that value. > * - Otherwise, if the jdk.tls.maxCertificateChainLength system property is > * set and its value >= 0, it uses that value. > * - Otherwise it is set to a default value of 8. > */ > > > The client side setting would be similar. Yes, I can place the comments in the code blocks for the server-side setting and client-side setting, respectively. @XueleiFan Any feedback before I'm making this comment change? I will also update the release note accordingly. Thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1383967102
