On Fri, 13 Oct 2023 19:29:54 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 173:
>>
>>> 171: */
>>> 172: if (maxCertificateChainLength > 0) {
>>> 173: if (clientLen == 8) {
>>
>> If the user sets "jdk.tls.maxClientCertificateChainLength" precisely to 8
>> and you will ignore it?
>
> Since 8 is the default for "jdk.tls.maxClientCertificateChainLength", it is
> going to be overridden when "jdk.tls.maxCertificateChainLength" is set.
> Setting "jdk.tls.maxClientCertificateChainLength" to 8 is treated as keeping
> the original default like no-op.
If I understand correctly, "jdk.tls.maxClientCertificateChainLength" is meant
to override "jdk.tls.maxClientCertificateChainLength" if both are defined. Then
what would happen if user has specified
`-Djdk.tls.maxClientCertificateChainLength=8
-Djdk.tls.maxCertificateChainLength=4`?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1358873304
