3 plugin patches for 1.6

Deepak Bhole dbhole at redhat.com
Tue Aug 25 07:36:14 PDT 2009


* Andrew John Hughes <gnu_andrew at member.fsf.org> [2009-08-24 16:42]:
> 2009/8/24 Deepak Bhole <dbhole at redhat.com>:
> > Hi,
> >
> > Attached are 3 plugin patches for the 1.6 release. These are the last of
> > the patches that need to make it into 1.6.
> >
> > Patch 1: allow-cn-mismatch.patch
> > Currently, if the hostname of a site does not match the certificate CN,
> > the connection fails. This patch gives the user the option to bypass
> > that.
> >
> > Patch 2: cookie-manager.patch
> > This is more of a fix for bugs on the server side... for example, webmin sets
> > a cookie named " sid". The current cookie implementation in the plugin
> > uses HttpCookie for storing cookies, which strips the initial space.
> > Webmin cannot handle this, and fails. With the attached patch, cookies
> > are handled in a different manner such that spaces don't get stripped.
> >
> > Patch 3: npefix-sigsegv.patch
> > This patch fixes an NPE that can result if the panel has not been fully
> > initialized (encountered on www.tdfx.ca)
> >
> > It also fixes a SIGSEGV issue that results if an applet tries to set a
> > status message with a newline character.
> >
> > Combined ChangeLog:
> > 2009-08-23  Deepak Bhole <dbhole at redhat.com>
> >
> >    * rt/net/sourceforge/jnlp/resources/Messages.properties: Add new message
> >    key for CN name mismatches.
> >    * rt/net/sourceforge/jnlp/security/HttpsCertVerifier.java
> >    (HttpsCertVerifier): Accept new parameters that indicate certificate trust
> >    status, CN mismatch status, and the hostname.
> >    (getAlreadyTrustPublisher): Use provided isTrusted boolean to get around
> >    checkServerTrusted() synchronization.
> >    (getDetails): Include details about CN mismatch.
> >    (getNamesForCert): New private method. Returns all acceptable names for
> >    a given X509Certificate.
> >    (R): Overloaded the method to return messages that have 2 variables.
> >    * rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java: Extend
> >    X509ExtendedTrustManager rather than X509TrustManager.
> >    (checkClientTrusted): Overloaded method with one that takes a hostname.
> >    (checkServerTrusted): Same. The new overloaded method also checks for CN
> >    mismatch if the certificate is not explicitly trusted.
> >    (isExplicitlyTrusted): Returns if the given certificate chain is part of
> >    the local user trusted DB.
> >    (askUser): Change parameters to accept information about trust, host match
> >    status, and hostname.
> >    * plugin/icedtea/sun/applet/PluginCookieInfoRequest.java
> >    (parseReturn): Store cookie info as a string rather than a list of
> >    HttpCookie objects.
> >    (getObject): Return the new cookie string.
> >    * plugin/icedtea/sun/applet/PluginCookieManager.java: New file, extends
> >    CookieManager and is set as the default cookie manager for the plugin.
> >    * plugin/icedtea/sun/applet/PluginCookieStore.java : Deleted. New design
> >    uses a custom cookiemanager rather than just a custom store.
> >    * plugin/icedtea/sun/applet/PluginMain.java : Wire in the new cookie
> >    manager.
> >    * plugin/icedtea/sun/applet/PluginAppletViewer.java
> >    (handleMessage): Wait until panel is set before pinging it for life status.
> >    (showStatus): Replace new lines with spaces, as the status is on a single
> >    line anyway.
> >
> > Cheers,
> > Deepak
> >
> 
> 
> As with Ed and Gary, I feel one of the issues with your patches is
> that you are the only one who knows the code deeply enough.  This is
> something we need to fix.
> 
> I did a scan over the patches and they look ok to me (the third
> especially is a trivial fix).  I'd file a bug with webmin regarding
> the cookie issue, as this is against the spec, which states that the
> attribute name should be 'a sequence of non-special, non-white space
> characters'.
> 

Agreed.

Thanks for going through it!

Patches committed as individual sets:

http://icedtea.classpath.org/hg/icedtea6/rev/65c5650a98c2
http://icedtea.classpath.org/hg/icedtea6/rev/94e9b26a96da
http://icedtea.classpath.org/hg/icedtea6/rev/80c259fc02d4

Cheers,
Deepak


