[Bug 778] New: jar download and server certificate verification deadlock

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Sat Aug 27 17:20:57 PDT 2011


           Summary: jar download and server certificate verification
           Product: IcedTea-Web
           Version: 1.1.1
          Platform: 64-bit
               URL: http://asenath.cc.cmu.edu/viewer.jnlp
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: NetX
        AssignedTo: omajid at redhat.com
        ReportedBy: ataraxia937 at gmail.com
                CC: unassigned at icedtea.classpath.org

Created an attachment (id=564)
 --> (http://icedtea.classpath.org/bugzilla/attachment.cgi?id=564)
JNLP that reproduces the problem

When using Java Web Start to launch an app from a web server using an unknown
cert, it is impossible to either accept the cert, or to complete the jar

Both the download window and the cert verification window appear at the same
time. The downloads do not start because the certificate hasn't been accepted
yet. The certificate window will not accept any mouse of keyboard input -
apparently the download window blocks it.

If I download the web cert myself in some other way, and add it to
trusted.certs ahead of time, the jar downloads complete as expected and the app

Certificate verification prompts for jar-signer certs do not show this problem,
most likely because the download window has already closed.

I haven't been able to reproduce this with Oracle's official javaws, either
version 6 or 7.

This problem is 100% reproducible with the console viewer app served by Dell
iDRAC 6 cards. Unfortunately, I can't provide you access to such an app - all
that I use are behind my employer's firewall.

Instead, I've set up a mock-up that you can use to reproduce and test this on a
machine under my control. (Note that you shouldn't expect the app to actually
run properly once you do get it to download - it's just a dummy.)

To reproduce this:

1. Download my JNLP file from http://asenath.cc.cmu.edu/viewer.jnlp or just use
the one attached to this bug report.
2. Run javaws on that file (without importing the webserver's cert into NetX).
3. You should now see both a download window, and a certificate verification
window, both of which are unresponsive.

Configure bugmail: http://icedtea.classpath.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the distro-pkg-dev mailing list