On Wed, 13 Apr 2022 07:50:55 GMT, Daniel Jeliński <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
>> line 72:
>>
>>> 70: }
>>> 71:
>>> 72: static AlgorithmConstraints wrap(AlgorithmConstraints
>>> userSpecifiedConstraints) {
>>
>> I may update all of the constructors so that the accumulation of the
>> reference of userSpecifiedConstraints could be avoid further.
>>
>>
>> - this.userSpecifiedConstraints = userSpecifiedConstraints;
>> + this.userSpecifiedConstraints = userSpecifiedConstraints == DEFAULT ?
>> + null : userSpecifiedConstraints;
>>
>>
>>
>> Similar update could be placed in the getUserSpecifiedConstraints()
>> implementation.
>
> Thanks @XueleiFan for the review!
> If we do that, this will result in a behavior change for cases where
> `enabledX509DisabledAlgConstraints` = false; is that okay? Or should we set
> `enabledX509DisabledAlgConstraints` = true if `userSpecifiedConstraints ==
> DEFAULT`?
I think it is OK. The enabledX509DisabledAlgConstraints should be specified
with the withDefaultCertPathConstraints parameterm, and should not be overrode
by the userSpecifiedConstraints. I think it is a behavior that we'd like to
correct.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8199
