RFR JDK-8241039, Retire the deprecated SSLSession.getPeerCertificateChain() method
Xuelei Fan
xuelei.fan at oracle.com
Mon Mar 16 16:49:09 UTC 2020
Good catch! Updated in the webrev:
http://cr.openjdk.java.net/~xuelei/8241039/webrev.01/
Xuelei
On 3/16/2020 5:18 AM, Sean Mullan wrote:
> 302 throw new UnsupportedOperationException(
> 303 "This method has retired, pleaase use the " +
> 304 "getPeerCertificates() method instead.");
>
>
> Not sure the word "retired" is the correct term here. It is unusual to
> see that term with respect to APIs. I would use the common terms
> associated with deprecated methods. How about:
>
> throw new UnsupportedOperationException(
> "This method is deprecated and marked for removal. Use the
> " +
> "getPeerCertificates() method instead.");
>
> --Sean
>
> On 3/16/20 12:25 AM, Xuelei Fan wrote:
>> Hi,
>>
>> Could I get the following update reviewed?
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8241039
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8241047
>> webrev: http://cr.openjdk.java.net/~xuelei/8241039/webrev.00/
>>
>> In a preview review thread,
>>
>> https://mail.openjdk.java.net/pipermail/security-dev/2020-March/021401.html
>>
>>
>> I requested to remove the deprecated javax.security.cert APIs in JDK
>> 15. Be part of the removal, the deprecated interface method
>> javax.net.ssl.SSLSession.getPeerCertificateChain() is also involved.
>>
>> As SSLSession.getPeerCertificateChain() is an interface method, third
>> party's implementation must override this method. If it is removed,
>> there are compiler errors unless the override implementation get
>> removed in third party's source code.
>>
>> Maybe, we could retire SSLSession.getPeerCertificateChain() first, and
>> then come back to remove the deprecated javax.security.cert package in
>> a few years.
>>
>> In this update, I'm trying to change
>> SSLSession.getPeerCertificateChain() to default method , throwing
>> exception in the default implementation, and removing the real
>> implementation in the SunJSSE provider and related code (Httpclient).
>>
>> Thanks,
>> Xuelei
More information about the security-dev
mailing list