On Mon, 30 Oct 2023 14:14:25 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 178:
>>
>>> 176: * the jdk.tls.maxCertificateChainLength property will not
>>> override
>>> 177: * the values.
>>> 178: */
>>
>> English is not my native language, but I have some comment on the wording.
>> Normally we don't say `maxCertificateChainLength` overrides
>> `maxInboundCertificateChainLength`. In fact, it is
>> `maxInboundCertificateChainLength` that _overrides_
>> `maxCertificateChainLength`. When `maxInboundCertificateChainLength` is not
>> set, it _fallbacks_ to `maxCertificateChainLength` (if set) or a _default_
>> value (8).
>
> I agree that wording is more clear. We should also update the RN with that
> wording.
This section of comments was taken from the CSR. I updated the comments as
follows. If it looks fine, I will update the related doc. Thanks!
/*
* If either jdk.tls.server.maxInboundCertificateChainLength or
* jdk.tls.client.maxInboundCertificateChainLength is set, it will
* override jdk.tls.maxCertificateChainLength, regardless of whether
* jdk.tls.maxCertificateChainLength is set or not.
* If neither jdk.tls.server.maxInboundCertificateChainLength nor
* jdk.tls.client.maxInboundCertificateChainLength is set, the behavior
* depends on the setting of jdk.tls.maxCertificateChainLength. If
* jdk.tls.maxCertificateChainLength is set, it falls back to that
* value; otherwise, it defaults to 8 for
* jdk.tls.server.maxInboundCertificateChainLength
* and 10 for jdk.tls.client.maxInboundCertificateChainLength.
* Usesrs can independently set either
* jdk.tls.server.maxInboundCertificateChainLength or
* jdk.tls.client.maxInboundCertificateChainLength.
*/
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1376841239
