# HG changeset patch
# User Deepak Bhole <dbhole@redhat.com>
# Date 1314131612 14400
# Node ID 494140bdce624e2a9a834d9714178603f626c7fe
# Parent  25dc7d8cb7573157a8d7554ac48a095cf34707f8
Fix PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7

diff -r 25dc7d8cb757 -r 494140bdce62 ChangeLog
--- a/ChangeLog	Tue Aug 23 12:52:10 2011 -0400
+++ b/ChangeLog	Tue Aug 23 16:33:32 2011 -0400
@@ -1,3 +1,10 @@
+2011-08-23  Deepak Bhole <dbhole@redhat.com>
+
+	PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+	(checkServerTrusted): Account for a null hostname that the
+	overloaded implementation may pass.
+
 2011-08-23  Omair Majid  <omajid@redhat.com>
 
 	* Makefile.am: Remove JRE. Replace uses with SYSTEM_JRE_DIR instead. Also
diff -r 25dc7d8cb757 -r 494140bdce62 NEWS
--- a/NEWS	Tue Aug 23 12:52:10 2011 -0400
+++ b/NEWS	Tue Aug 23 16:33:32 2011 -0400
@@ -13,6 +13,7 @@
   - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow
 Common
   - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
+  - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
 
 New in release 1.1.1 (2011-07-20):
 * Security updates:
diff -r 25dc7d8cb757 -r 494140bdce62 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Aug 23 12:52:10 2011 -0400
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Aug 23 16:33:32 2011 -0400
@@ -224,16 +224,20 @@
         // need to prompt the user
         if (!isExplicitlyTrusted(chain, authType)) {
 
-            try {
-                HostnameChecker checker = HostnameChecker
-                        .getInstance(HostnameChecker.TYPE_TLS);
+            if (hostName == null) {
+                CNMatched = false;
+            } else {
+                try {
+                    HostnameChecker checker = HostnameChecker
+                            .getInstance(HostnameChecker.TYPE_TLS);
 
-                checker.match(hostName, chain[0]); // only need to match @ 0 for
-                                                   // CN
+                    checker.match(hostName, chain[0]); // only need to match @ 0 for
+                                                       // CN
 
-            } catch (CertificateException e) {
-                CNMatched = false;
-                ce = e;
+                } catch (CertificateException e) {
+                    CNMatched = false;
+                    ce = e;
+                }
             }
         }