[RFC] netx/plugin: do not prompt user multiple times for the same Certificate

Deepak Bhole dbhole at redhat.com
Mon Oct 18 10:49:45 PDT 2010


* Dr Andrew John Hughes <ahughes at redhat.com> [2010-10-18 13:35]:
> On 12:53 Mon 18 Oct     , Omair Majid wrote:
> > On 10/14/2010 05:03 PM, Deepak Bhole wrote:
> > > * Omair Majid<omajid at redhat.com>  [2010-10-14 16:37]:
> > >> Hi,
> > >>
> > >> In the current implementation of the plugin, when the user rejects a
> > >> https certificate, the next time the https connection is attempted,
> > >> another certificate warning is shown.
> > >>
> > >> The attached patch makes it so that if the user does not accept a
> > >> certificate, he is not prompted again for accepting it. The patch
> > >> keeps a list of certificates that the user has not accepted and
> > >> skips the user prompt if it is for one of those certificates.
> > >>
> > >> Any comments or suggestions?
> > >>
> > >
> > >
> > > Looks fine to me. Okay for commit to all active branches.
> > >
> > 
> > Thanks. Pushed to IcedTea6 HEAD, 1.9, 1.8 and 1.7.
> > 
> > Cheers,
> > Omair
> > 
> 
> Can the user remove the certificate from the list, should they wish to accept it at some point in the future?
> Same vice versa I guess (stop accepting a previously accepted certificate).


The untrusted list is temporary and gets destroyed when the VM shuts
down.

As for removing certs previously trusted -- that list can be manipulated
with keytool. The keystore is .netx/security/trusted.certs

Cheers,
Deepak

> -- 
> Andrew :)
> 
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> 
> Support Free Java!
> Contribute to GNU Classpath and the OpenJDK
> http://www.gnu.org/software/classpath
> http://openjdk.java.net
> PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
> Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
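
The keytool route mentioned in the reply, written out as an added example; it is not part of the original message or of the IcedTea code. It assumes the keystore lives under the user's home directory and that its password is exported in `NETX_STOREPASS`, a hypothetical variable name. Only the trusted list is handled, since the reply says the untrusted list is temporary.

```shell
#!/bin/sh
# Added example (not IcedTea/netx code): review and revoke previously
# trusted certificates in the keystore named in the thread.
# Assumptions: the keystore sits under the user's home directory, and its
# password is exported in NETX_STOREPASS (a hypothetical variable name).

# Path of the trusted-certificate keystore for a given home directory.
netx_trust_store() {
    printf '%s/.netx/security/trusted.certs\n' "${1:-$HOME}"
}

# List every alias with its certificate fingerprint so entries can be audited.
list_trusted() {    # $1 = keystore path
    keytool -list -keystore "$1" -storepass:env NETX_STOREPASS
}

# Stop trusting one certificate: back up the keystore, delete the alias,
# then confirm it is really gone.
# Returns 0 on success, 2 if the alias cannot be found, 1 on other errors.
revoke_trusted() {  # $1 = keystore path, $2 = alias
    ks=$1
    entry=$2
    if ! keytool -list -keystore "$ks" -storepass:env NETX_STOREPASS \
            -alias "$entry" >/dev/null 2>&1; then
        echo "alias not found (or keystore unreadable) in $ks: $entry" >&2
        return 2
    fi
    cp -p "$ks" "$ks.bak" || return 1
    keytool -delete -keystore "$ks" -storepass:env NETX_STOREPASS \
        -alias "$entry" >/dev/null || return 1
    if keytool -list -keystore "$ks" -storepass:env NETX_STOREPASS \
            -alias "$entry" >/dev/null 2>&1; then
        echo "alias still present after delete: $entry" >&2
        return 1
    fi
    return 0
}

# Typical session, after exporting NETX_STOREPASS:
#   list_trusted "$(netx_trust_store)"
#   revoke_trusted "$(netx_trust_store)" ALIAS_FROM_LISTING
```

The backup copy `trusted.certs.bak` still contains the removed entry, so delete it once the change has been checked.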


