/hg/icedtea-web: Fix PR769: IcedTea-Web does not work with some ...

[dbhole at icedtea.classpath.org]

changeset 36a7ee0d0ef7 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=36a7ee0d0ef7
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Aug 23 16:33:32 2011 -0400

	Fix PR769: IcedTea-Web does not work with some ssl sites with
	OpenJDK7


diffstat:

 ChangeLog                                                        |   7 +++
 NEWS                                                             |   1 +
 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java |  20 ++++++----
 3 files changed, 20 insertions(+), 8 deletions(-)

diffs (57 lines):

diff -r 924ec4d87970 -r 36a7ee0d0ef7 ChangeLog
--- a/ChangeLog	Tue Aug 23 11:03:13 2011 -0400
+++ b/ChangeLog	Tue Aug 23 16:33:32 2011 -0400
@@ -1,3 +1,10 @@
+2011-08-23  Deepak Bhole <dbhole at redhat.com>
+
+	PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+	(checkServerTrusted): Account for a null hostname that the
+	overloaded implementation may pass.
+
 2011-08-23  Omair Majid  <omajid at redhat.com>
 
 	* configure.ac: Add check for new non-standard classes
diff -r 924ec4d87970 -r 36a7ee0d0ef7 NEWS
--- a/NEWS	Tue Aug 23 11:03:13 2011 -0400
+++ b/NEWS	Tue Aug 23 16:33:32 2011 -0400
@@ -20,6 +20,7 @@
   - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
   - PR771: IcedTea-Web certificate verification code does not use the right API
   - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
+  - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
 
 New in release 1.1 (2011-XX-XX):
 * Security updates
diff -r 924ec4d87970 -r 36a7ee0d0ef7 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Aug 23 11:03:13 2011 -0400
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Aug 23 16:33:32 2011 -0400
@@ -224,16 +224,20 @@
         // need to prompt the user
         if (!isExplicitlyTrusted(chain, authType)) {
 
-            try {
-                HostnameChecker checker = HostnameChecker
-                        .getInstance(HostnameChecker.TYPE_TLS);
+            if (hostName == null) {
+                CNMatched = false;
+            } else {
+                try {
+                    HostnameChecker checker = HostnameChecker
+                            .getInstance(HostnameChecker.TYPE_TLS);
 
-                checker.match(hostName, chain[0]); // only need to match @ 0 for
-                                                   // CN
+                    checker.match(hostName, chain[0]); // only need to match @ 0 for
+                                                       // CN
 
-            } catch (CertificateException e) {
-                CNMatched = false;
-                ce = e;
+                } catch (CertificateException e) {
+                    CNMatched = false;
+                    ce = e;
+                }
             }
         }