diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java | 20 |
3 files changed, 20 insertions, 8 deletions
@@ -1,3 +1,10 @@ +2011-08-23 Deepak Bhole <[email protected]> + + PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7 + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java + (checkServerTrusted): Account for a null hostname that the + overloaded implementation may pass. + 2011-08-23 Omair Majid <[email protected]> * configure.ac: Add check for new non-standard classes @@ -20,6 +20,7 @@ Common - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up - PR771: IcedTea-Web certificate verification code does not use the right API - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted. + - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 New in release 1.1 (2011-XX-XX): * Security updates diff --git a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java index 3285b85..5eb790d 100644 --- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java +++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java @@ -224,16 +224,20 @@ final public class VariableX509TrustManager extends X509ExtendedTrustManager { // need to prompt the user if (!isExplicitlyTrusted(chain, authType)) { - try { - HostnameChecker checker = HostnameChecker - .getInstance(HostnameChecker.TYPE_TLS); + if (hostName == null) { + CNMatched = false; + } else { + try { + HostnameChecker checker = HostnameChecker + .getInstance(HostnameChecker.TYPE_TLS); - checker.match(hostName, chain[0]); // only need to match @ 0 for - // CN + checker.match(hostName, chain[0]); // only need to match @ 0 for + // CN - } catch (CertificateException e) { - CNMatched = false; - ce = e; + } catch (CertificateException e) { + CNMatched = false; + ce = e; + } } } |