On Fri, 13 Oct 2023 21:43:58 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Since 8 is the default for "jdk.tls.maxClientCertificateChainLength", it is >> going to be overridden when "jdk.tls.maxCertificateChainLength" is set. >> Setting "jdk.tls.maxClientCertificateChainLength" to 8 is treated as keeping >> the original default like no-op. > > If I understand correctly, "jdk.tls.maxClientCertificateChainLength" is meant > to override "jdk.tls.maxClientCertificateChainLength" if both are defined. > Then what would happen if user has specified > `-Djdk.tls.maxClientCertificateChainLength=8 > -Djdk.tls.maxCertificateChainLength=4`? `jdk.tls.maxCertificateChainLength` will only override `jdk.tls.maxClientCertificateChainLength` if `jdk.tls.maxCertificateChainLength` is set AND `jdk.tls.maxClientCertificateChainLength` is using the default. For the case your provided here, `jdk.tls.maxClientCertificateChainLength` will be overridden to be 4 which is set by `jdk.tls.maxCertificateChainLength`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358946093
