CSR Review Request, JDK-8160247 Mark deprecated javax.security.cert APIs with forRemoval=true

Xuelei Fan xuelei.fan at oracle.com
Tue Feb 26 03:35:21 UTC 2019

All comments make sense to me.  I have updated the CSR accordingly.


On 2/25/2019 1:23 PM, Sean Mullan wrote:
> The diffs seem out of date. The @Deprecated annotations already have 
> @since="9".
> There are a few JSSE APIs that reference these deprecated APIs that 
> should also be marked forRemoval and included in the CSR:
> HandshakeCompletedEvent.getPeerCertificateChain()
> SSLSession.getPeerCertificateChain()
> (I think those are the only ones, but please double-check for others).
> --Sean
> On 2/20/19 2:38 PM, Xuelei Fan wrote:
>> Hi,
>> Could I get the CSR reviewed:
>>      https://bugs.openjdk.java.net/browse/JDK-8219472
>> The javax.security.cert APIs were deprecated in 1.9 but have had the 
>> following warning (since 1.4.2) in the description of each class:
>>      Note: The classes in the package javax.security.cert exist for
>>      compatibility with earlier versions of the Java Secure Sockets
>>      Extension (JSSE). New applications should instead use the standard
>>      Java SE certificate classes located in java.security.cert.
>> Since these earlier versions of JSSE are no longer maintained or 
>> supported, they should be removed in a future release.
>> This proposal will add forRemoval=true to the deprecated 
>> javax.security.cert APIs.
>> Thanks,
>> Xuelei

More information about the security-dev mailing list