
List:       openjdk-security-dev
Subject:    Re: JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security lib
From:       Joe Darcy <joe.darcy () oracle ! com>
Date:       2019-10-09 16:24:09
Message-ID: 7cc4a6aa-a12d-7cd2-87f2-2ce39872fbba () oracle ! com

Hi Chris and Sean,

I'll push a fix for JDK-8231262 with a single class-level suppression in 
X509CertImpl:

        @SuppressWarnings("serial") // See writeReplace method in Certificate

I've filed

               JDK-8232062: Clarify serialization mechanisms of X509CertImpl

for the follow-up work.

Thanks,

-Joe

On 10/9/2019 7:14 AM, Chris Hegarty wrote:
>
>
> On 09/10/2019 14:54, Sean Mullan wrote:
>> ...
>>
>> X509CertImpl extends X509Certificate which extends Certificate. 
>> Certificate has a writeReplace method.
>
> Another possible follow-on is to add readObject methods, that 
> unconditionally throw, to both X509Certificate and X509CertImpl, since 
> serialized instances of these types should not appear in the stream. 
> That would be a nice addition to the suggestion to make all the fields 
> transient - and improve the readability of the code.
>
> -Chris.
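
The pattern discussed in this thread, as an added Java example that is not part of the original messages and is not JDK code: a writeReplace proxy, a transient field, and a readObject that unconditionally throws. DemoCert, DemoCertRep and Bypass are hypothetical classes, and the byte array is constructed sample data.

```java
import java.io.*;
import java.util.Arrays;

// Added illustration; DemoCert, DemoCertRep and Bypass are hypothetical, not JDK classes.
public class SerialProxyDemo {
    static class DemoCert implements Serializable {
        private static final long serialVersionUID = 1L;
        private final transient byte[] encoded;   // transient: never written to the stream
        DemoCert(byte[] encoded) { this.encoded = encoded.clone(); }
        byte[] getEncoded() { return encoded.clone(); }

        // Normal writes emit the proxy, so DemoCert itself should never be in a stream.
        protected Object writeReplace() throws ObjectStreamException {
            return new DemoCertRep(encoded);
        }

        // A stream carrying DemoCert class data did not go through writeReplace: refuse it.
        private void readObject(ObjectInputStream in) throws IOException {
            throw new InvalidObjectException("DemoCert must be read via DemoCertRep");
        }
    }

    static class DemoCertRep implements Serializable {
        private static final long serialVersionUID = 1L;
        private final byte[] data;
        DemoCertRep(byte[] data) { this.data = data.clone(); }
        // Rebuild through the constructor so any validation placed there always runs.
        private Object readResolve() { return new DemoCert(data); }
    }

    // Test-only subclass that skips the proxy, producing a stream with DemoCert class data.
    static class Bypass extends DemoCert {
        private static final long serialVersionUID = 1L;
        Bypass(byte[] b) { super(b); }
        @Override protected Object writeReplace() { return this; }
    }

    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray())).readObject();
    }

    public static void main(String[] args) throws Exception {
        byte[] der = {0x30, 0x03, 0x02, 0x01, 0x01};   // constructed sample bytes
        DemoCert copy = (DemoCert) roundTrip(new DemoCert(der));
        System.out.println("via proxy, bytes preserved: " + Arrays.equals(der, copy.getEncoded()));
        try { roundTrip(new Bypass(der)); }
        catch (InvalidObjectException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because deserialization invokes readObject for each serializable class in the hierarchy that has data in the stream, the guard in the parent class also stops a subclass instance from being read.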