[icedtea-web] RFC: PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
Deepak Bhole
dbhole at redhat.com
Tue Aug 9 11:16:20 PDT 2011
* Deepak Bhole <dbhole at redhat.com> [2011-08-03 17:08]:
> Hi,
>
> Attached fix is for PR769:
> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=769
>
> The fix is not Java 7 specific ... Java 7 just exposed the bug.
>
ping?
> ChangeLog:
> 2011-08-03 Deepak Bhole <dbhole at redhat.com>
>
> PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
> * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
> (checkServerTrusted): Account for a null hostname that the overloaded
> implementation may pass.
>
> Okay for HEAD, 1.0 and 1.1?
>
> Cheers,
> Deepak
> diff -r db6914cf15be NEWS
> --- a/NEWS Wed Aug 03 14:11:11 2011 -0400
> +++ b/NEWS Wed Aug 03 17:06:33 2011 -0400
> @@ -13,6 +13,7 @@
> - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow
> Common
> - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
> + - PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
>
> New in release 1.1.1 (2011-07-20):
> * Security updates:
> diff -r db6914cf15be netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
> --- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Wed Aug 03 14:11:11 2011 -0400
> +++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Wed Aug 03 17:06:33 2011 -0400
> @@ -222,7 +222,7 @@
>
> // If the certificate is not explicitly trusted, we
> // need to prompt the user
> - if (!isExplicitlyTrusted(chain, authType)) {
> + if (!isExplicitlyTrusted(chain, authType) && hostName != null) {
>
> try {
> HostnameChecker checker = HostnameChecker
> @@ -235,6 +235,8 @@
> CNMatched = false;
> ce = e;
> }
> + } else if (!isExplicitlyTrusted(chain, authType)) {
> + CNMatched = false;
> }
>
> if (!trusted || !CNMatched) {
More information about the distro-pkg-dev
mailing list