[icedtea-web] RFC: RH738814 - Access denied at ssl handshake
Omair Majid
omajid at redhat.com
Mon Sep 19 14:51:42 PDT 2011
Hi,
The attached patch should address RH738814 [1]
The stack trace of the exception shows that code in
VariableX509TrustManager tries do show a prompt which needs all
permissions. Since the method call was originally from an untrusted
applet, these permissions are missing and a security exception is thrown.
Something along this line was anticipated earlier [2], but my fix may
have been too broad. So now that we have a stack trace, I have a more
focused patch. Any thoughts or comments?
The patch is for HEAD, but applies to 1.1 as well. It should also apply
to 1.0 after trivial changes - though I am not sure if that's something
we should do.
ChangeLog:
2011-09-19 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/security/SecurityDialogs.java
(showCertWarningDialog): Add a javadoc comment.
* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
(askUser): Wrap the call to showCertWarningDialog in a doPrivileged
block.
Cheers,
Omair
[1] https://bugzilla.redhat.com/show_bug.cgi?id=738814
[2]
http://thread.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/10641
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icedtea-web-ask-user-privileged-01.patch
Type: text/x-patch
Size: 2949 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110919/7248f567/icedtea-web-ask-user-privileged-01.patch
More information about the distro-pkg-dev
mailing list