CSR Review Request, JDK-8160247 Mark deprecated javax.security.cert APIs with forRemoval=true

Sean Mullan sean.mullan at oracle.com
Mon Feb 25 21:23:19 UTC 2019


The diffs seem out of date. The @Deprecated annotations already have 
@since="9".

There are a few JSSE APIs that reference these deprecated APIs that 
should also be marked forRemoval and included in the CSR:

HandshakeCompletedEvent.getPeerCertificateChain()
SSLSession.getPeerCertificateChain()

(I think those are the only ones, but please double-check for others).

--Sean

On 2/20/19 2:38 PM, Xuelei Fan wrote:
> Hi,
> 
> Could I get the CSR reviewed:
>      https://bugs.openjdk.java.net/browse/JDK-8219472
> 
> The javax.security.cert APIs were deprecated in 1.9 but have had the 
> following warning (since 1.4.2) in the description of each class:
> 
>      Note: The classes in the package javax.security.cert exist for
>      compatibility with earlier versions of the Java Secure Sockets
>      Extension (JSSE). New applications should instead use the standard
>      Java SE certificate classes located in java.security.cert.
> 
> Since these earlier versions of JSSE are no longer maintained or 
> supported, they should be removed in a future release.
> 
> This proposal will add forRemoval=true to the deprecated 
> javax.security.cert APIs.
> 
> Thanks,
> Xuelei


More information about the security-dev mailing list