Mercurial > hg > release > icedtea-web-1.2
changeset 281:36a7ee0d0ef7
Fix PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Tue, 23 Aug 2011 16:33:32 -0400 |
parents | 924ec4d87970 |
children | 36270c76a533 |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java |
diffstat | 3 files changed, 20 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Aug 23 11:03:13 2011 -0400 +++ b/ChangeLog Tue Aug 23 16:33:32 2011 -0400 @@ -1,3 +1,10 @@ +2011-08-23 Deepak Bhole <dbhole@redhat.com> + + PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7 + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java + (checkServerTrusted): Account for a null hostname that the + overloaded implementation may pass. + 2011-08-23 Omair Majid <omajid@redhat.com> * configure.ac: Add check for new non-standard classes
--- a/NEWS Tue Aug 23 11:03:13 2011 -0400 +++ b/NEWS Tue Aug 23 16:33:32 2011 -0400 @@ -20,6 +20,7 @@ - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up - PR771: IcedTea-Web certificate verification code does not use the right API - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted. + - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 New in release 1.1 (2011-XX-XX): * Security updates
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Tue Aug 23 11:03:13 2011 -0400 +++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Tue Aug 23 16:33:32 2011 -0400 @@ -224,16 +224,20 @@ // need to prompt the user if (!isExplicitlyTrusted(chain, authType)) { - try { - HostnameChecker checker = HostnameChecker - .getInstance(HostnameChecker.TYPE_TLS); + if (hostName == null) { + CNMatched = false; + } else { + try { + HostnameChecker checker = HostnameChecker + .getInstance(HostnameChecker.TYPE_TLS); - checker.match(hostName, chain[0]); // only need to match @ 0 for - // CN + checker.match(hostName, chain[0]); // only need to match @ 0 for + // CN - } catch (CertificateException e) { - CNMatched = false; - ce = e; + } catch (CertificateException e) { + CNMatched = false; + ce = e; + } } }