kofemann
commented
1 year ago Looks like too many unrelated changes.
Closed eirbjo closed 12 months ago
kofemann
commented
1 year ago Looks like too many unrelated changes.
eirbjo
commented
1 year ago Looks like too many unrelated changes.
Oops, something is weird here with the PR, this was not intended. I'll take a look.
eirbjo
commented
1 year ago Oops, something is weird here with the PR, this was not intended. I'll take a look.
Alright, the PR had the wrong base branch. Retargeted to 2.4.4-RELEASE which was the intended branch.
mnriem
commented
12 months ago @eirbjo Is this PR still relevant?
eirbjo
commented
12 months ago @eirbjo Is this PR still relevant?
I would think so. OpenJDK would still like to remove the mentioned classes, and uses of SSLSession.getPeerCertificateChain should be updated to use SSLSession.getPeerCertificates instead in preparation for this change.
mnriem
commented
12 months ago @arjantijms Looks good to me!
Efforts are underway in the OpenJDK project to remove the long deprecated-for-removal classes in the package
javax.security.cert. These classes were introduced for backwards compatibility concerns with the unbundled JSSE release for JDK 1.2/1.3, but their use have been discouraged since they were introduced.It would be good to update Grizzly 2.4.x to not depend on / use these archaic APIs.
See https://bugs.openjdk.org/browse/JDK-8227024 and the corresponding CSR https://bugs.openjdk.org/browse/JDK-8227395
The
SSLSupportImplClasscurrently usesgetPeerCertificateChain, then converts the results tojava.security.cert.X509Certificate. This seems a bit strange, since the methods could just callgetPeerCertificatesdirectly, which returnsjava.security.cert.X509Certificate[].Merging this PR would allow Grizzly 2.4.x to be used on a future JDK where the deprecated for-removal APIs in
javax.security.certare removed.