Fix PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7

author: Deepak Bhole <[email protected]> 2011-08-23 16:33:32 -0400
committer: Deepak Bhole <[email protected]> 2011-08-23 16:33:32 -0400
commit: 898b4e84cd359fa9077e73bbea283da088359db2 (patch)
tree: 0962d20573bca1354f9c30186ab90362b692c435
parent: a95527084edc351de55d05ee9b595e24e0bd2ace (diff)
3 files changed, 20 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 7cdcea3..e441024 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2011-08-23  Deepak Bhole <[email protected]>
+
+	PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+	(checkServerTrusted): Account for a null hostname that the
+	overloaded implementation may pass.
+
 2011-08-23  Omair Majid  <[email protected]>
 
 	* configure.ac: Add check for new non-standard classes
diff --git a/NEWS b/NEWS
index 5fcab5c..fc895c1 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ Common
   - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
   - PR771: IcedTea-Web certificate verification code does not use the right API
   - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
+  - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
 
 New in release 1.1 (2011-XX-XX):
 * Security updates
diff --git a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
index 3285b85..5eb790d 100644
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
@@ -224,16 +224,20 @@ final public class VariableX509TrustManager extends X509ExtendedTrustManager {
         // need to prompt the user
         if (!isExplicitlyTrusted(chain, authType)) {
 
-            try {
-                HostnameChecker checker = HostnameChecker
-                        .getInstance(HostnameChecker.TYPE_TLS);
+            if (hostName == null) {
+                CNMatched = false;
+            } else {
+                try {
+                    HostnameChecker checker = HostnameChecker
+                            .getInstance(HostnameChecker.TYPE_TLS);
 
-                checker.match(hostName, chain[0]); // only need to match @ 0 for
-                                                   // CN
+                    checker.match(hostName, chain[0]); // only need to match @ 0 for
+                                                       // CN
 
-            } catch (CertificateException e) {
-                CNMatched = false;
-                ce = e;
+                } catch (CertificateException e) {
+                    CNMatched = false;
+                    ce = e;
+                }
             }
         }
author	Deepak Bhole <[email protected]>	2011-08-23 16:33:32 -0400
committer	Deepak Bhole <[email protected]>	2011-08-23 16:33:32 -0400
commit	898b4e84cd359fa9077e73bbea283da088359db2 (patch)
tree	0962d20573bca1354f9c30186ab90362b692c435
parent	a95527084edc351de55d05ee9b595e24e0bd2ace (diff)