3 plugin patches for 1.6
Deepak Bhole
dbhole at redhat.com
Sun Aug 23 16:36:52 PDT 2009
Hi,
Attached are 3 plugin patches for the 1.6 release. These are the last of
the patches that need to make it into 1.6.
Patch 1: allow-cn-mismatch.patch
Currently, if the hostname of a site does not match the certificate CN,
the connection fails. This patch gives the user the option to bypass
that.
Patch 2: cookie-manager.patch
This is more of a fix for bugs on serverside.. for example, webmin sets
a cookie named " sid". The current cookie implementation in the plugin
uses HttpCookie for storing cookies, which strips the initial space.
Webmin cannot handle this, and fails. With the attached patch, cookies
are handled in a different manner such that spaces don't get stripped.
Patch 3: npefix-sigsegv.patch
This patch fixes an NPE that can result if the panel has not been fully
initialized (encountered on www.tdfx.ca)
It also fixes a SIGSEGV issue that results if an applet tries to set a
status message with a newline character.
Combined ChangeLog:
2009-08-23 Deepak Bhole <dbhole at redhat.com>
* rt/net/sourceforge/jnlp/resources/Messages.properties: Add new message
key for CN name mismatches.
* rt/net/sourceforge/jnlp/security/HttpsCertVerifier.java
(HttpsCertVerifier): Accept new parameters that indicate certificate trust
status, CN mismatch status, and the hostname.
(getAlreadyTrustPublisher): Use provided isTrusted boolean to get around
checkServerTrusted() synchronization.
(getDetails): Include details about CN mismatch.
(getNamesForCert): New private method. Returns all acceptable names for
a given X509Certificate.
(R): Overloaded the method to return messages that have 2 variables.
* rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java: Extend
X509ExtendedTrustManager rather than X509TrustManager.
(checkClientTrusted): Overloaded method with one that takes a hostname.
(checkServerTrusted): Same. The new overloaded method also checks for CN
mismatch if the certificate is not explicitly trusted.
(isExplicitlyTrusted): Returns if the given certificate chain is part of
the local user trusted DB.
(askUser): Change parameters to accept information about trust, host match
status, and hostname.
* plugin/icedtea/sun/applet/PluginCookieInfoRequest.java
(parseReturn): Store cookie info as a string rather than a list of
HttpCookie objects.
(getObject): Return the new cookie string.
* plugin/icedtea/sun/applet/PluginCookieManager.java: New file, extends
CookieManager as is set as the default cookie manager for the plugin.
* plugin/icedtea/sun/applet/PluginCookieStore.java : Deleted. New design
uses a custom cookiemanager rather than just a custom store.
* plugin/icedtea/sun/applet/PluginMain.java : Wire in the new cookie
manager.
* plugin/icedtea/sun/applet/PluginAppletViewer.java
(handleMessage): Wait until panel is set before pinging it for life status.
(showStatus): Replace new lines with spaces, as the status is on a single
line anyway.
Cheers,
Deepak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: allow-cn-mismatch.patch
Type: text/x-patch
Size: 12096 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20090823/e4ccc6af/allow-cn-mismatch.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cookie-manager.patch
Type: text/x-patch
Size: 10134 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20090823/e4ccc6af/cookie-manager.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: npefix-sigsegv.patch
Type: text/x-patch
Size: 1035 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20090823/e4ccc6af/npefix-sigsegv.patch
More information about the distro-pkg-dev
mailing list