On Mon, 6 Nov 2023 20:48:59 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> I think the wording of the comment is somewhat confusing because it is >> trying to explain the behavior of both properties together and the words >> "either" and "neither" may be hard to parse. I recommend separate comment >> blocks for each property. Here is a suggestion for the server side setting: >> >> >> /* >> * maxInboundClientCertChainLen is the maximum length of a client certificate >> * chain accepted by a server. It is determined as follows: >> * - If the jdk.tls.server.maxInboundCertificateChainLength system property >> * is set and its value >= 0, it uses that value. >> * - Otherwise, if the jdk.tls.maxCertificateChainLength system property is >> * set and its value >= 0, it uses that value. >> * - Otherwise it is set to a default value of 8. >> */ >> >> >> The client side setting would be similar. > > Yes, I can place the comments in the code blocks for the server-side setting > and client-side setting, respectively. > @XueleiFan Any feedback before I'm making this comment change? > I will also update the release note accordingly. Thanks! I'm not sure if there is a clear reason to change the default value from 10 to 8. I'm fine if you want to keep to use value 10 for less compatibility issues. Otherwise, I have no more comment. Thanks! > Yes, I can place the comments in the code blocks for the server-side setting > and client-side setting, respectively. @XueleiFan Any feedback before I'm > making this comment change? I will also update the release note accordingly. > Thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1384494328