JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes
Joe Darcy
joe.darcy at oracle.com
Wed Oct 9 16:24:09 UTC 2019
Hi Chris and Sean,
I'll push a fix for JDK-8231262 with a single class-level suppression in
X509CertImpl:
@SuppressWarnings("serial") // See writeReplace method in Certificate
I've filed
JDK-8232062: Clarify serialization mechanisms of X509CertImpl
for the follow-up work.
Thanks,
-Joe
On 10/9/2019 7:14 AM, Chris Hegarty wrote:
>
>
> On 09/10/2019 14:54, Sean Mullan wrote:
>> ...
>>
>> X509CertImpl extends X509Certificate which extends Certificate.
>> Certificate has a writeReplace method.
>
> Another possible follow-on is to add readObject methods, that
> unconditionally throw, to both X509Certificate and X509CertImpl, since
> serialized instances of these types should not appear in the stream.
> That would be a nice addition to the suggestion to make all the fields
> transient - and improve the readability of the code.
>
> -Chris.
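
The pattern discussed in this thread (a writeReplace method on the base class, transient fields, and a readObject that unconditionally throws), as an added example that is not part of the original messages or the JDK source. The class names ProxyDemo, Cert, Rep and Parsed are hypothetical stand-ins, and the sample input is constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

// Hypothetical stand-ins for illustration; not the JDK's Certificate/X509CertImpl code.
public class ProxyDemo {
    static final class Parsed {                       // non-serializable helper state
        final String subject;
        Parsed(String subject) { this.subject = subject; }
    }

    static class Cert implements Serializable {
        private static final long serialVersionUID = 1L;
        private final transient byte[] encoded;       // transient: never written field-by-field
        private final transient Parsed parsed;        // non-serializable type, so transient

        Cert(byte[] encoded) {
            this.encoded = encoded.clone();
            this.parsed = new Parsed(new String(encoded, StandardCharsets.UTF_8));
        }
        String subject() { return parsed.subject; }

        // Serializing a Cert always writes a Rep in its place.
        protected Object writeReplace() { return new Rep(encoded); }

        // A stream that names Cert directly did not come from writeReplace: refuse it.
        private void readObject(ObjectInputStream in) throws IOException {
            throw new InvalidObjectException("Cert must be deserialized through Rep");
        }
    }

    static final class Rep implements Serializable {
        private static final long serialVersionUID = 1L;
        private final byte[] data;
        Rep(byte[] data) { this.data = data.clone(); }
        // Rebuild through the constructor so normal parsing and validation run.
        private Object readResolve() { return new Cert(data); }
    }

    public static void main(String[] args) throws Exception {
        byte[] sample = "CN=constructed-example".getBytes(StandardCharsets.UTF_8); // constructed input
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(new Cert(sample)); }
        String stream = bos.toString("ISO-8859-1");
        System.out.println("stream names Rep:  " + stream.contains("ProxyDemo$Rep"));
        System.out.println("stream names Cert: " + stream.contains("ProxyDemo$Cert"));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            System.out.println("restored subject:  " + ((Cert) in.readObject()).subject());
        }
    }
}
```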