[RFC] netx/plugin: do not prompt user multiple times for the same Certificate

Omair Majid omajid at redhat.com
Mon Oct 18 11:34:56 PDT 2010


On 10/18/2010 01:49 PM, Deepak Bhole wrote:
> * Dr Andrew John Hughes<ahughes at redhat.com>  [2010-10-18 13:35]:
>> On 12:53 Mon 18 Oct     , Omair Majid wrote:
>>> On 10/14/2010 05:03 PM, Deepak Bhole wrote:
>>>> * Omair Majid<omajid at redhat.com>   [2010-10-14 16:37]:
>>>>> Hi,
>>>>>
>>>>> In the current implementation of the plugin, when the user rejects a
>>>>> https certificate, the next time the https connection is attempted,
>>>>> another certificate warning is shown.
>>>>>
>>>>> The attached patch makes it so that if the user does not accept a
>>>>> certificate, he is not prompted again for accepting it. The patch
>>>>> keeps a list of certificates that the user has not accepted and
>>>>> skips the user prompt if it is for one of those certificates.
>>>>>
>>>>> Any comments or suggestions?
>>>>>
>>>>
>>>>
>>>> Looks fine to me. Okay for commit to all active branches.
>>>>
>>>
>>> Thanks. Pushed to IcedTea6 HEAD, 1.9, 1.8 and 1.7.
>>>
>>> Cheers,
>>> Omair
>>>
>>
>> Can the user remove the certificate from the list, should they wish to accept it at some point in the future?
>> Same vice versa I guess (stop accepting a previously accepted certificate).
>
>
> The untrusted list is temporary and gets destroyed when the VM shuts
> down.
>

I was wondering whether it would make more sense to keep a list of 
trusted/untrusted certificates per applet/application instead of per VM.

> As for removing certs previously trusted -- that list can be manipulated
> with keytool. The keystore is .netx/security/trusted.certs
>

Another way of manipulating the keystore is by using "javaws -viewer".

> Cheers,
> Deepak
>
>> --
>> Andrew :)
>>
>> Free Java Software Engineer
>> Red Hat, Inc. (http://www.redhat.com)
>>
>> Support Free Java!
>> Contribute to GNU Classpath and the OpenJDK
>> http://www.gnu.org/software/classpath
>> http://openjdk.java.net
>> PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
>> Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
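
An added example, not part of the original message and not the IcedTea patch itself: one way to keep a session-only list of rejected certificates, with a scope argument that covers both the per-VM list described in the thread and the per-applet alternative raised in the reply. The class name `DeniedCertCache`, the scope strings and the `prompt` callback are hypothetical, and the byte array is a constructed stand-in for a certificate's DER encoding.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

/** Hypothetical session-only cache of certificates the user declined; not IcedTea code. */
public class DeniedCertCache {
    public static final String VM_WIDE = "*"; // scope used for the per-VM behaviour
    // In-memory only: nothing is persisted, so entries vanish when the VM exits.
    private final Set<String> denied = ConcurrentHashMap.newKeySet();

    // Key on a digest of the full DER encoding, never on subject or issuer names,
    // so a different certificate with the same names still triggers a prompt.
    private static String key(String scope, byte[] der) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(der);
            return scope + "|" + Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    /** Returns the trust decision; 'prompt' stands in for the warning dialog. */
    public boolean isTrusted(String scope, byte[] der, Predicate<byte[]> prompt) {
        if (denied.contains(key(scope, der))) {
            return false;                // rejected earlier in this session: stay silent
        }
        boolean accepted = prompt.test(der);
        if (!accepted) {
            denied.add(key(scope, der)); // remember rejections only, never acceptances
        }
        return accepted;
    }

    public static void main(String[] args) {
        byte[] cert = {0x30, 0x03, 0x02, 0x01, 0x2a}; // constructed stand-in for cert.getEncoded()
        int[] prompts = {0};
        Predicate<byte[]> userSaysNo = c -> { prompts[0]++; return false; };
        DeniedCertCache cache = new DeniedCertCache();
        cache.isTrusted("appletA", cert, userSaysNo); // user is asked
        cache.isTrusted("appletA", cert, userSaysNo); // silent, same scope and certificate
        cache.isTrusted("appletB", cert, userSaysNo); // asked again under per-application scope
        cache.isTrusted(VM_WIDE, cert, userSaysNo);   // asked once for the VM-wide scope
        cache.isTrusted(VM_WIDE, cert, userSaysNo);   // silent
        System.out.println("prompts shown: " + prompts[0]);
    }
}
```

Passing `VM_WIDE` for every caller gives the per-VM behaviour; passing an applet or application identifier makes one applet's rejection leave the prompt in place for another.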




More information about the distro-pkg-dev mailing list