From 3981cff3d9feca0a3d240f675b8268ddb8751b83 Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Fri, 23 Sep 2011 12:05:43 -0400
Subject: RH738814: Access denied at ssl handshake

It turns out that TrustManager.checkTrusted() could be called by untrusted
code. In such a case, we should still show a warning to the user, and not
throw a SecurityException instead.

2011-09-23  Omair Majid  <omajid@redhat.com>

    * netx/net/sourceforge/jnlp/security/SecurityDialogs.java
    (showCertWarningDialog): Add a javadoc comment.
    * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
    (askUser): Wrap the call to showCertWarningDialog in a doPrivileged
    block.
---
 netx/net/sourceforge/jnlp/security/SecurityDialogs.java | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'netx/net/sourceforge/jnlp/security/SecurityDialogs.java')

diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
index 9b93a73..d13aef9 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
@@ -181,6 +181,8 @@ public class SecurityDialogs {
      * @param accessType the type of warning dialog to show
      * @param file the JNLPFile associated with this warning
      * @param jarSigner the JarSigner used to verify this application
+     *
+     * @return true if the user accepted the certificate
      */
     public static boolean showCertWarningDialog(AccessType accessType,
             JNLPFile file, CertVerifier jarSigner) {
-- 
cgit v1.2.3