[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-security-dev
Subject: Re: JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security lib
From: Joe Darcy <joe.darcy () oracle ! com>
Date: 2019-10-09 16:24:09
Message-ID: 7cc4a6aa-a12d-7cd2-87f2-2ce39872fbba () oracle ! com
[Download RAW message or body]
Hi Chris and Sean,
I'll push a fix for JDK-8231262 with a single class-level suppression in
X509CertImpl:
@SuppressWarnings("serial") // See writeReplace method in Certificate
I've filed
JDK-8232062: Clarify serialization mechanisms of X509CertImpl
for the follow-up work.
Thanks,
-Joe
On 10/9/2019 7:14 AM, Chris Hegarty wrote:
>
>
> On 09/10/2019 14:54, Sean Mullan wrote:
>> ...
>>
>> X509CertImpl extends X509Certificate which extends Certificate.
>> Certificate has a writeReplace method.
>
> Another possible follow-on is to add readObject methods, that
> unconditionally throw, to both X509Certificate and X509CertImpl, since
> serialized instances of these types should not appear in the stream.
> That would be a nice addition to the suggestion to make all the fields
> transient - and improve the readability of the code.
>
> -Chris.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic