RFR JDK-8241039, Retire the deprecated SSLSession.getPeerCertificateChain() method

Xuelei Fan xuelei.fan at oracle.com
Mon Mar 16 04:25:41 UTC 2020


Hi,

Could I get the following update reviewed?

Bug: https://bugs.openjdk.java.net/browse/JDK-8241039
CSR: https://bugs.openjdk.java.net/browse/JDK-8241047
webrev: http://cr.openjdk.java.net/~xuelei/8241039/webrev.00/

In a preview review thread,
 
https://mail.openjdk.java.net/pipermail/security-dev/2020-March/021401.html

I requested to remove the deprecated javax.security.cert APIs in JDK 15. 
  Be part of the removal, the deprecated interface method 
javax.net.ssl.SSLSession.getPeerCertificateChain() is also involved.

As SSLSession.getPeerCertificateChain() is an interface method, third 
party's implementation must override this method.  If it is removed, 
there are compiler errors unless the override implementation get removed 
in third party's source code.

Maybe, we could retire SSLSession.getPeerCertificateChain() first, and 
then come back to remove the deprecated javax.security.cert package in a 
few years.

In this update, I'm trying to change 
SSLSession.getPeerCertificateChain() to default method , throwing 
exception in the default implementation, and removing the real 
implementation in the SunJSSE provider and related code (Httpclient).

Thanks,
Xuelei


More information about the net-dev mailing list