On 3/16/2020 3:37 AM, Daniel Fuchs wrote:
Hi Xuelei,
HandshakeCompletedEvent.java: typo:
186 "This method has retired, pleaase use the " +
Same in SSLSession.java:
303 "This method has retired, pleaase use the " +
I removed the sections per Alan's comment.
WRT to the HttpClient code I wonder whether the deprecated method
should be kept. On the one hand I'd welcome the removal of
the implemenatation of terminally deprecated methods.
On the other hand the two classes in HttpClient implement simple
delegation over an SSLSession object. Unless we can guarantee that
this object is our own implementation, maybe the delegation should
be kept - and the throwing of UnsupportedOperationException left
up to the delegate object?
I am not sure what's the best course here.
There are compiler error if SSLSession.getPeerCertificateChain() get
removed, while the implementation override it. As one of the goals, the
implementation, especially third party provider that is intended to
support multiple releases, should remove override implementation as soon
as possible, without waiting for the removal of the
SSLSession.getPeerCertificateChain() method. Otherwise, there are still
compiler error when we want to remove this interface method in the future.
It should be fine to keep the HttpClient implementation as it only ship
with the current JDK release. But if you don't mind, I would like to
remove it to show an example about how to handle with the method in
third party's source code.
Thanks,
Xuelei
best regards
-- daniel
On 16/03/2020 04:25, Xuelei Fan wrote:
Hi,
Could I get the following update reviewed?
Bug: https://bugs.openjdk.java.net/browse/JDK-8241039
CSR: https://bugs.openjdk.java.net/browse/JDK-8241047
webrev: http://cr.openjdk.java.net/~xuelei/8241039/webrev.00/
In a preview review thread,
https://mail.openjdk.java.net/pipermail/security-dev/2020-March/021401.html
I requested to remove the deprecated javax.security.cert APIs in JDK
15. Be part of the removal, the deprecated interface method
javax.net.ssl.SSLSession.getPeerCertificateChain() is also involved.
As SSLSession.getPeerCertificateChain() is an interface method, third
party's implementation must override this method. If it is removed,
there are compiler errors unless the override implementation get
removed in third party's source code.
Maybe, we could retire SSLSession.getPeerCertificateChain() first, and
then come back to remove the deprecated javax.security.cert package in
a few years.
In this update, I'm trying to change
SSLSession.getPeerCertificateChain() to default method , throwing
exception in the default implementation, and removing the real
implementation in the SunJSSE provider and related code (Httpclient).
Thanks,
Xuelei
