3 plugin patches for 1.6
Deepak Bhole
dbhole at redhat.com
Tue Aug 25 07:36:14 PDT 2009
* Andrew John Hughes <gnu_andrew at member.fsf.org> [2009-08-24 16:42]:
> 2009/8/24 Deepak Bhole <dbhole at redhat.com>:
> > Hi,
> >
> > Attached are 3 plugin patches for the 1.6 release. These are the last of
> > the patches that need to make it into 1.6.
> >
> > Patch 1: allow-cn-mismatch.patch
> > Currently, if the hostname of a site does not match the certificate CN,
> > the connection fails. This patch gives the user the option to bypass
> > that.
> >
> > Patch 2: cookie-manager.patch
> > This is more of a fix for bugs on the server side. For example, webmin sets
> > a cookie named " sid". The current cookie implementation in the plugin
> > uses HttpCookie for storing cookies, which strips the initial space.
> > Webmin cannot handle this, and fails. With the attached patch, cookies
> > are handled in a different manner such that spaces don't get stripped.
> >
> > Patch 3: npefix-sigsegv.patch
> > This patch fixes an NPE that can result if the panel has not been fully
> > initialized (encountered on www.tdfx.ca)
> >
> > It also fixes a SIGSEGV issue that results if an applet tries to set a
> > status message with a newline character.
> >
> > Combined ChangeLog:
> > 2009-08-23 Deepak Bhole <dbhole at redhat.com>
> >
> > * rt/net/sourceforge/jnlp/resources/Messages.properties: Add new message
> > key for CN name mismatches.
> > * rt/net/sourceforge/jnlp/security/HttpsCertVerifier.java
> > (HttpsCertVerifier): Accept new parameters that indicate certificate trust
> > status, CN mismatch status, and the hostname.
> > (getAlreadyTrustPublisher): Use provided isTrusted boolean to get around
> > checkServerTrusted() synchronization.
> > (getDetails): Include details about CN mismatch.
> > (getNamesForCert): New private method. Returns all acceptable names for
> > a given X509Certificate.
> > (R): Overloaded the method to return messages that have 2 variables.
> > * rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java: Extend
> > X509ExtendedTrustManager rather than X509TrustManager.
> > (checkClientTrusted): Overloaded method with one that takes a hostname.
> > (checkServerTrusted): Same. The new overloaded method also checks for CN
> > mismatch if the certificate is not explicitly trusted.
> > (isExplicitlyTrusted): Returns if the given certificate chain is part of
> > the local user trusted DB.
> > (askUser): Change parameters to accept information about trust, host match
> > status, and hostname.
> > * plugin/icedtea/sun/applet/PluginCookieInfoRequest.java
> > (parseReturn): Store cookie info as a string rather than a list of
> > HttpCookie objects.
> > (getObject): Return the new cookie string.
> > * plugin/icedtea/sun/applet/PluginCookieManager.java: New file, extends
> > CookieManager and is set as the default cookie manager for the plugin.
> > * plugin/icedtea/sun/applet/PluginCookieStore.java: Deleted. New design
> > uses a custom cookiemanager rather than just a custom store.
> > * plugin/icedtea/sun/applet/PluginMain.java: Wire in the new cookie
> > manager.
> > * plugin/icedtea/sun/applet/PluginAppletViewer.java
> > (handleMessage): Wait until panel is set before pinging it for life status.
> > (showStatus): Replace new lines with spaces, as the status is on a single
> > line anyway.
> >
> > Cheers,
> > Deepak
> >
>
>
> As with Ed and Gary, I feel one of the issues with your patches is
> that you are the only one who knows the code deeply enough. This is
> something we need to fix.
>
> I do a scan over the patches and they look ok to me (the third
> especially is a trivial fix). I'd file a bug with webmin regarding
> the cookie issue, as this is against the spec. which states that the
> attribute name should be 'a sequence of non-special, non-white space
> characters'.
>
Agreed.
Thanks for going through it!
Patches committed as individual sets:
http://icedtea.classpath.org/hg/icedtea6/rev/65c5650a98c2
http://icedtea.classpath.org/hg/icedtea6/rev/94e9b26a96da
http://icedtea.classpath.org/hg/icedtea6/rev/80c259fc02d4
Cheers,
Deepak