Could we backport the default SSLSession.getPeerCertificateChain method to 11?

Eirik Bjørsnøs eirbjo at gmail.com
Sat Apr 15 08:23:50 UTC 2023


Sean,

On Fri, Apr 14, 2023 at 9:18 PM Sean Mullan <sean.mullan at oracle.com> wrote:

> Not possible right now AFAICT, but I will keep it in mind as a candidate
> API change for the next MR, if and when that may occur.


Thanks for your analysis, this was enlightening. Too bad our timing is off,
but such is life :-)

I found the Compatibility risk description in the CSR a bit interesting:

> There might be some applications that still use the deprecated
> SSLSession.getPeerCertificateChain() API. But they have had plenty of
> advance warning to switch to use the equivalent
> SSLSession.getPeerCertificates() API that use the java.security.cert APIs
> instead.


Any existing application calling SSLSession.getPeerCertificateChain() will
do so on some existing implementation which already overrides this method.
So these applications should not observe a behavioural change.

The only behavioural change I see that could surprise anyone is the set of
applications which today fails to compile because they don't
override getPeerCertificateChain. These applications may be surprised that
their source code suddenly compiles.

But compatibility is a tricky topic, so I assume I'm missing some subtlety
here.

Eirik :-)