> I reached out to the BouncyCastle project [3] and they are basically OK
> with the OpenJDK project to go ahead and remove the APIs:

I reached out to the Conscrypt team with a PR. While the PR cannot be integrated in its current form, the ensuing discussion was instructive:
https://github.com/google/conscrypt/pull/1128

Pete provides a neat explanation of how Conscrypt is packaged and used in the wider ecosystem. I think the key takeaway for OpenJDK seems to be:

> I think for OpenJDK and standalone Android builds, it's probably fine to
> simply drop support for the getPeerCertificateChain() API at a release
> boundary. Caveat emptor etc.
>
> TBH we've never assumed that upstream OpenJDK would worry about us when
> making breaking changes. :) I don't mean that in a negative way, just that
> your priorities are not the same as ours and so it's up to us to react as
> needed.

Pete then goes on to explain that javax.security.cert currently isn't formally marked as deprecated in Android Platform, so they are lagging behind and aim to align with OpenJDK in this respect.

The rest of his comments are mainly focused on the Android parts; it's a good read for anyone interested in that.

Thanks,
Eirik.