diff -r e9a9792ee189 NEWS --- a/NEWS Thu Sep 15 15:27:40 2011 +0200 +++ b/NEWS Mon Sep 19 17:32:53 2011 -0400 @@ -24,6 +24,7 @@ - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted. - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 - RH734081: Javaws cannot use proxy settings from Firefox + - RH738814: Access denied at ssl handshake New in release 1.1 (2011-XX-XX): * Security updates diff -r e9a9792ee189 netx/net/sourceforge/jnlp/security/SecurityDialogs.java --- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Sep 15 15:27:40 2011 +0200 +++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Mon Sep 19 17:32:53 2011 -0400 @@ -181,6 +181,8 @@ * @param accessType the type of warning dialog to show * @param file the JNLPFile associated with this warning * @param jarSigner the JarSigner used to verify this application + * + * @return true if the user accepted the certificate */ public static boolean showCertWarningDialog(AccessType accessType, JNLPFile file, CertVerifier jarSigner) { diff -r e9a9792ee189 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java --- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Thu Sep 15 15:27:40 2011 +0200 +++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Mon Sep 19 17:32:53 2011 -0400 @@ -37,7 +37,9 @@ package net.sourceforge.jnlp.security; +import java.security.AccessController; import java.security.KeyStore; +import java.security.PrivilegedAction; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; 
@@ -379,14 +381,20 @@ * @param authType The authentication algorithm * @return user's response */ - private boolean askUser(X509Certificate[] chain, String authType, - boolean isTrusted, boolean hostMatched, - String hostName) { - return SecurityDialogs.showCertWarningDialog( + private boolean askUser(final X509Certificate[] chain, final String authType, + final boolean isTrusted, final boolean hostMatched, + final String hostName) { + final VariableX509TrustManager trustManager = this; + return AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Boolean run() { + return SecurityDialogs.showCertWarningDialog( AccessType.UNVERIFIED, null, - new HttpsCertVerifier(this, chain, authType, + new HttpsCertVerifier(trustManager, chain, authType, isTrusted, hostMatched, hostName)); + } + }); } /**
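Review bot: The `doPrivileged` block added to `askUser` has no comment saying why privileges are asserted or what keeps that safe, although inside it the caller's restrictions no longer apply to anything the dialog and `HttpsCertVerifier` do with the server-supplied `chain` and `hostName`. Judging by the NEWS entry (RH738814), the dialog presumably hit an access-control failure when the handshake was started from unprivileged code; I would record that above the call, e.g. `// Privileged: the handshake may be started by sandboxed code; keep only the dialog call in here and treat chain/hostName as untrusted peer data`. The privileged scope is narrow as written (one dialog call plus the verifier constructor) and should stay that way, with no further logic moved into `run()`. As rendered here `new PrivilegedAction()` has no type argument; unless that is an extraction artifact it should read `new PrivilegedAction<Boolean>()`, because with the raw type `doPrivileged` returns `Object` and the `boolean` return would not type-check. The method's Javadoc begins above the hunk, so whether `isTrusted`, `hostMatched` and `hostName` are documented there cannot be confirmed from this view.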