RFR: 4337793: Mark non-serializable fields of java.security.cert.Certificate and CertPath
Sean Mullan
mullan at openjdk.java.net
Mon Nov 15 19:08:39 UTC 2021
On Mon, 15 Nov 2021 18:59:17 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
> The serialized form doc for both classes should say something about what is serialized. Since it is using writeReplace, it can indicate that CertificateRep/CertPathRep is used instead (and the arguments). likely you'll need to use the @serial javadoc tag and check the generated javadoc to verify.
The `writeReplace` methods do have `@serial` tags, and they do show up in the Serialized Form of the javadoc, ex: https://docs.oracle.com/en/java/javase/17/docs/api/serialized-form.html#java.security.cert.Certificate
Is your comment more that these methods could more clearly specify what is returned?
-------------
PR: https://git.openjdk.java.net/jdk/pull/6392
More information about the security-dev
mailing list