Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

JSSE 1.0.3 contradiction

843811May 22 2003 — edited May 23 2003
I'm in the process of upgrading an application from JDK 1.3.x/JSSE 1.0.2 to JDK1.4.1/JSSE1.0.3. The guidelines for the JSSE 1.0.3 has two (seemingly) contradictory statements, they advise both:

(a) Move from using com.sun.net.ssl classes to java.net.ssl.
and
(b) java.security.cert should not be used.

However there are methods defined in the javax.net.ssl.X509TrustManager that use java.security.cert.

e.g.:
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
java.lang.String authType);


Anyone have any insight into this apparnet contradiction? I see no other recourse than to use java.security.cert.X509Certificate. I haven't noticed any problems but I'd like to know the reasoning behind this condition.

thanks!
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jun 20 2003
Added on May 22 2003
#java-secure-socket-extension-jsse
2 comments
78 views