On Wed, 13 Apr 2022 07:50:55 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java >> line 72: >> >>> 70: } >>> 71: >>> 72: static AlgorithmConstraints wrap(AlgorithmConstraints >>> userSpecifiedConstraints) { >> >> I may update all of the constructors so that the accumulation of the >> reference of userSpecifiedConstraints could be avoid further. >> >> >> - this.userSpecifiedConstraints = userSpecifiedConstraints; >> + this.userSpecifiedConstraints = userSpecifiedConstraints == DEFAULT ? >> + null : userSpecifiedConstraints; >> >> >> >> Similar update could be placed in the getUserSpecifiedConstraints() >> implementation. > > Thanks @XueleiFan for the review! > If we do that, this will result in a behavior change for cases where > `enabledX509DisabledAlgConstraints` = false; is that okay? Or should we set > `enabledX509DisabledAlgConstraints` = true if `userSpecifiedConstraints == > DEFAULT`? I think it is OK. The enabledX509DisabledAlgConstraints should be specified with the withDefaultCertPathConstraints parameterm, and should not be overrode by the userSpecifiedConstraints. I think it is a behavior that we'd like to correct. ------------- PR: https://git.openjdk.java.net/jdk/pull/8199