RFR: 4337793: Mark non-serializable fields of java.security.cert.Certificate and CertPath
Roger Riggs
rriggs at openjdk.java.net
Mon Nov 15 19:02:40 UTC 2021
On Mon, 15 Nov 2021 17:03:51 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> Please review this 20+ year old bug (!), which marks the non-serializable fields of Certificate and CertPath with the transient modifier. These classes use an alternate serialization mechanism by overriding the writeReplace method. However, the fields of each class were never marked as transient and as a result were incorrectly documented in the Serialized Form section of the javadoc.
>
> CSR: https://bugs.openjdk.java.net/browse/JDK-8277128
The serialized form doc for both classes should say something about what is serialized.
Since it is using writeReplace, it can indicate that CertificateRep/CertPathRep is used instead (and the arguments).
likely you'll need to use the @serial javadoc tag and check the generated javadoc to verify.
-------------
Changes requested by rriggs (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/6392
More information about the security-dev
mailing list