Re: RFR JDK-8227024 : Remove the deprecated javax.security.cert APIs

2020-03-15 Thread Xuelei Fan

Hi,

Thank you all for the review.

This is a note to cancel this update. During the review, we got 
concerns about the compatibility impact of the removal of the 
interface method (SSLSession.getPeerCertificateChain()). Maybe I 
should move forward to resolve the concern first, and then come back for 
the removal in a few years.


For more details, please refer to the new code review request:
https://mail.openjdk.java.net/pipermail/security-dev/2020-March/021421.html

Thanks & Regards,
Xuelei

On 3/12/2020 10:34 AM, Xuelei Fan wrote:

And the release note task:
   https://bugs.openjdk.java.net/browse/JDK-8240968

Xuelei

On 3/12/2020 9:47 AM, Xuelei Fan wrote:

Hi,

Could I get the following update reviewed?

CSR: https://bugs.openjdk.java.net/browse/JDK-8227395
Webrev: http://cr.openjdk.java.net/~xuelei/8227024/webrev.00/

The legacy javax.security.cert APIs and their dependents were initially 
deprecated in Java SE 9 and marked for removal in Java SE 13. 
Applications should use the java.security.cert APIs for now. This is 
a request to remove the deprecated javax.security.cert APIs.


The use of the legacy APIs should be rare now. But please let me know 
if you have concerns before March 19, 2019.


Thanks & Regards,
Xuelei


RFR JDK-8241039, Retire the deprecated SSLSession.getPeerCertificateChain() method

2020-03-15 Thread Xuelei Fan

Hi,

Could I get the following update reviewed?

Bug: https://bugs.openjdk.java.net/browse/JDK-8241039
CSR: https://bugs.openjdk.java.net/browse/JDK-8241047
webrev: http://cr.openjdk.java.net/~xuelei/8241039/webrev.00/

In a previous review thread,

https://mail.openjdk.java.net/pipermail/security-dev/2020-March/021401.html

I requested to remove the deprecated javax.security.cert APIs in JDK 15. 
As part of the removal, the deprecated interface method 
javax.net.ssl.SSLSession.getPeerCertificateChain() is also involved.


As SSLSession.getPeerCertificateChain() is an interface method, third-party 
implementations must override this method. If it is removed, 
there are compiler errors unless the overriding implementation gets removed 
from the third party's source code.


Maybe we could retire SSLSession.getPeerCertificateChain() first, and 
then come back to remove the deprecated javax.security.cert package in a 
few years.


In this update, I'm trying to change 
SSLSession.getPeerCertificateChain() to a default method, throwing an 
exception in the default implementation, and removing the real 
implementation in the SunJSSE provider and related code (Httpclient).


Thanks,
Xuelei
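
The caller-side migration implied by the thread above, as an added example that is not part of the original messages or the JDK change: code that called SSLSession.getPeerCertificateChain() reads the chain through getPeerCertificates() and java.security.cert.X509Certificate instead. The class name, the helper peerX509Chain and the proxy-based stub session are hypothetical and constructed for illustration.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class PeerChainMigration {
    // Hypothetical helper replacing calls to getPeerCertificateChain(): reads the
    // chain via getPeerCertificates() and returns java.security.cert types.
    // Fails closed: an unauthenticated peer or a non-X.509 entry throws.
    static X509Certificate[] peerX509Chain(SSLSession session)
            throws SSLPeerUnverifiedException {
        Certificate[] certs = session.getPeerCertificates();
        X509Certificate[] chain = new X509Certificate[certs.length];
        for (int i = 0; i < certs.length; i++) {
            if (!(certs[i] instanceof X509Certificate)) {
                throw new SSLPeerUnverifiedException(
                        "peer certificate " + i + " is not X.509");
            }
            chain[i] = (X509Certificate) certs[i];
        }
        return chain;
    }

    // Constructed stand-in for a session whose peer presented no certificate.
    static SSLSession unauthenticatedSession() {
        InvocationHandler h = (proxy, method, args) -> {
            if (method.getName().equals("getPeerCertificates")) {
                throw new SSLPeerUnverifiedException("peer not authenticated");
            }
            throw new UnsupportedOperationException(method.getName());
        };
        return (SSLSession) Proxy.newProxyInstance(
                PeerChainMigration.class.getClassLoader(),
                new Class<?>[] {SSLSession.class}, h);
    }

    public static void main(String[] args) {
        try {
            peerX509Chain(unauthenticatedSession());
            System.out.println("chain returned");
        } catch (SSLPeerUnverifiedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The helper never references javax.security.cert, so calling code written this way is unaffected by either the retirement of the method or a later removal of the package.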