Mercurial > hg > release > icedtea-web-1.1

changeset 256:494140bdce62

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
author Deepak Bhole <dbhole@redhat.com>
date Tue, 23 Aug 2011 16:33:32 -0400
parents 25dc7d8cb757
children 8214ff4fe80c
files ChangeLog NEWS netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
diffstat 3 files changed, 20 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Aug 23 12:52:10 2011 -0400
+++ b/ChangeLog	Tue Aug 23 16:33:32 2011 -0400
@@ -1,3 +1,10 @@
+2011-08-23  Deepak Bhole <dbhole@redhat.com>
+
+	PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+	(checkServerTrusted): Account for a null hostname that the
+	overloaded implementation may pass.
+
 2011-08-23  Omair Majid  <omajid@redhat.com>
 
 	* Makefile.am: Remove JRE. Replace uses with SYSTEM_JRE_DIR instead. Also
--- a/NEWS	Tue Aug 23 12:52:10 2011 -0400
+++ b/NEWS	Tue Aug 23 16:33:32 2011 -0400
@@ -13,6 +13,7 @@
   - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow
 Common
   - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
+  - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
 
 New in release 1.1.1 (2011-07-20):
 * Security updates:
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Aug 23 12:52:10 2011 -0400
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Aug 23 16:33:32 2011 -0400
@@ -224,16 +224,20 @@
         // need to prompt the user
         if (!isExplicitlyTrusted(chain, authType)) {
 
-            try {
-                HostnameChecker checker = HostnameChecker
-                        .getInstance(HostnameChecker.TYPE_TLS);
+            if (hostName == null) {
+                CNMatched = false;
+            } else {
+                try {
+                    HostnameChecker checker = HostnameChecker
+                            .getInstance(HostnameChecker.TYPE_TLS);
 
-                checker.match(hostName, chain[0]); // only need to match @ 0 for
-                                                   // CN
+                    checker.match(hostName, chain[0]); // only need to match @ 0 for
+                                                       // CN
 
-            } catch (CertificateException e) {
-                CNMatched = false;
-                ce = e;
+                } catch (CertificateException e) {
+                    CNMatched = false;
+                    ce = e;
+                }
             }
         }