Hi Chris and Sean,
I'll push a fix for JDK-8231262 with a single class-level suppression in
X509CertImpl:
@SuppressWarnings("serial") // See writeReplace method in Certificate
I've filed
JDK-8232062: Clarify serialization mechanisms of X509CertImpl
for the follow-up work.
Thanks,
-Joe
On 10/9/2019 7:14 AM, Chris Hegarty wrote:
On 09/10/2019 14:54, Sean Mullan wrote:
...
X509CertImpl extends X509Certificate which extends Certificate.
Certificate has a writeReplace method.
Another possible follow-on is to add readObject methods, that
unconditionally throw, to both X509Certificate and X509CertImpl, since
serialized instances of these types should not appear in the stream.
That would be a nice addition to the suggestion to make all the fields
transient - and improve the readability of the code.
-Chris.