@eirbjo eirbjo commented Apr 14, 2023

Efforts are underway in the OpenJDK project to remove the long deprecated-for-removal classes in the package javax.security.cert. These classes were introduced for backwards compatibility concerns with the unbundled JSSE release for JDK 1.2/1.3, but their use has been discouraged since they were introduced.

It would be good to update Undertow to not depend on / use these archaic APIs.

See https://bugs.openjdk.org/browse/JDK-8227024 and the corresponding CSR https://bugs.openjdk.org/browse/JDK-8227395

Changes:

  • Remove SSLSessionInfo.getPeerCertificateChain and its overrides in BasicSSLSessionInfo, ConnectionSSLSessionInfo and Http2SslSessionInfo
  • Remove a catch of javax.security.cert.CertificateException in AjpRequestParseState.createSslSessionInfo
  • Remove the util method Certificates.toPem which takes javax.security.cert.X509Certificate as parameter and seems unused
  • SNISSLEngine.InitalState overrides SSLEngine.getHandshakeSession and returns a custom, mostly no-op SSLSession. Since getHandshakeSession does not seem to be called, I opted to simply remove this override and the custom SSLSession implementation. This way we also don't need to implement SSLSession.getPeerCertificateChain which returns javax.security.cert.X509Certificate[]. Please advise if this override actually has a purpose and we'll need to maintain it somehow.
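
The caller-side migration implied by the changes listed above, as an added example that is not part of this pull request or of Undertow's code: it reads the peer chain through the JDK's `SSLSession.getPeerCertificates()` and PEM-encodes `java.security.cert` types only. The class `PeerCerts` and its method names are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical helper (not Undertow code): peer-certificate access without javax.security.cert. */
public final class PeerCerts {
    // PEM bodies are base64 wrapped at 64 columns with '\n' line ends.
    private static final Base64.Encoder PEM_BODY =
            Base64.getMimeEncoder(64, new byte[] {'\n'});

    private PeerCerts() {}

    /**
     * Stand-in for callers of the deprecated-for-removal SSLSession.getPeerCertificateChain():
     * returns the peer chain as java.security.cert.X509Certificate, peer's own certificate first.
     * Throws SSLPeerUnverifiedException if the peer's identity was not verified.
     */
    public static List<X509Certificate> peerX509Chain(SSLSession session)
            throws SSLPeerUnverifiedException {
        List<X509Certificate> chain = new ArrayList<>();
        for (Certificate c : session.getPeerCertificates()) {
            if (!(c instanceof X509Certificate)) {
                // Fail closed rather than hand back a silently truncated chain.
                throw new SSLPeerUnverifiedException(
                        "non-X.509 peer certificate: " + c.getType());
            }
            chain.add((X509Certificate) c);
        }
        return chain;
    }

    /** PEM-encodes any java.security.cert.Certificate from its DER encoding. */
    public static String toPem(Certificate cert) throws CertificateEncodingException {
        return "-----BEGIN CERTIFICATE-----\n"
                + PEM_BODY.encodeToString(cert.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
    }
}
```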

@fl4via fl4via added the new feature / API change New feature to be introduced or a change to the API (non suitable to minor releases) label Apr 23, 2023
Member

fl4via commented Apr 23, 2023

Thanks @eirbjo ! I am approving this to run CI, but this is not being merged for now. I'll get back from PTO in May, and by then I'll sort out all new feature/API change PRs, they will go into a branch scheduled for 2.4.0.Final.

Author

eirbjo commented Apr 23, 2023

> Thanks @eirbjo ! I am approving this to run CI, but this is not being merged for now. I'll get back from PTO in May, and by then I'll sort out all new feature/API change PRs, they will go into a branch scheduled for 2.4.0.Final.

Thanks @fl4via ! This change is not entirely trivial, so I'm expecting it can take some careful review. While there is no immediate rush to get this done, I'm very happy that you can take a look at this when you are back at work. Enjoy your time off :-)

…ShakeSession, but the method is never called. The override and the SSLSession implementation can be removed.
@fl4via fl4via force-pushed the remove-javax.security.cert branch from 1327faa to 8fa96af Compare October 16, 2025 23:02
@fl4via fl4via added the under verification Currently being verified (running tests, reviewing) before posting a review to contributor label Oct 16, 2025
Member

fl4via commented Oct 16, 2025

@eirbjo I apologize for the huge delay, we have been very overloaded with many tasks since you submitted this PR.

I know it has been a long time and I saw the updated status of the Jiras you linked.

We will be running tests and studying the impact of this so we can decide how to proceed with these changes.
