Closed eirbjo closed 12 months ago
Looks like too many unrelated changes.
Looks like too many unrelated changes.
Oops, something is weird here with the PR, this was not intended. I'll take a look.
Oops, something is weird here with the PR, this was not intended. I'll take a look.
Alright, the PR had the wrong base branch. Retargeted to 2.4.4-RELEASE
which was the intended branch.
@eirbjo Is this PR still relevant?
@eirbjo Is this PR still relevant?
I would think so. OpenJDK would still like to remove the mentioned classes, and uses of SSLSession.getPeerCertificateChain
should be updated to use SSLSession.getPeerCertificates
instead in preparation for this change.
@arjantijms Looks good to me!
Efforts are underway in the OpenJDK project to remove the long deprecated-for-removal classes in the package
javax.security.cert
. These classes were introduced for backwards compatibility concerns with the unbundled JSSE release for JDK 1.2/1.3, but their use have been discouraged since they were introduced.It would be good to update Grizzly 2.4.x to not depend on / use these archaic APIs.
See https://bugs.openjdk.org/browse/JDK-8227024 and the corresponding CSR https://bugs.openjdk.org/browse/JDK-8227395
The
SSLSupportImplClass
currently usesgetPeerCertificateChain
, then converts the results tojava.security.cert.X509Certificate
. This seems a bit strange, since the methods could just callgetPeerCertificates
directly, which returnsjava.security.cert.X509Certificate[]
.Merging this PR would allow Grizzly 2.4.x to be used on a future JDK where the deprecated for-removal APIs in
javax.security.cert
are removed.