RFR: 4337793: Mark non-serializable fields of java.security.cert.Certificate and CertPath

Roger Riggs rriggs at openjdk.java.net
Mon Nov 15 19:02:40 UTC 2021


On Mon, 15 Nov 2021 17:03:51 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Please review this 20+ year old bug (!), which marks the non-serializable fields of Certificate and CertPath with the transient modifier. These classes use an alternate serialization mechanism by overriding the writeReplace method. However, the fields of each class were never marked as transient and as a result were incorrectly documented in the Serialized Form section of the javadoc.
> 
> CSR: https://bugs.openjdk.java.net/browse/JDK-8277128

The serialized form doc for both classes should say something about what is serialized.
Since it is using writeReplace, it can indicate that CertificateRep/CertPathRep is used instead (and the arguments).
likely you'll need to use the @serial javadoc tag and check the generated javadoc to verify.

-------------

Changes requested by rriggs (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/6392


More information about the security-dev mailing list