61 lines
2.8 KiB
Diff
61 lines
2.8 KiB
Diff
|
From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
|
||
|
From: Michal Srb <michalsrb@gmail.com>
|
||
|
Date: Tue, 7 Jul 2015 02:09:21 +0300
|
||
|
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is
|
||
|
not specified.
|
||
|
|
||
|
---
|
||
|
java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
|
||
|
1 file changed, 18 insertions(+), 16 deletions(-)
|
||
|
|
||
|
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
|
||
|
index 6f799bb..7633f08 100644
|
||
|
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
|
||
|
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
|
||
|
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
|
||
|
try {
|
||
|
ks.load(null, null);
|
||
|
File cacert = new File(cafile);
|
||
|
- if (!cacert.exists() || !cacert.canRead())
|
||
|
- return;
|
||
|
- InputStream caStream = new FileInputStream(cafile);
|
||
|
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
|
||
|
- ks.setCertificateEntry("CA", ca);
|
||
|
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
|
||
|
- File crlcert = new File(crlfile);
|
||
|
- if (!crlcert.exists() || !crlcert.canRead()) {
|
||
|
- params.setRevocationEnabled(false);
|
||
|
+ if (!cacert.exists() || !cacert.canRead()) {
|
||
|
+ tmf.init((KeyStore)null); // Use default trust manager
|
||
|
} else {
|
||
|
- InputStream crlStream = new FileInputStream(crlfile);
|
||
|
- Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
|
||
|
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
|
||
|
- CertStore store = CertStore.getInstance("Collection", csp);
|
||
|
- params.addCertStore(store);
|
||
|
- params.setRevocationEnabled(true);
|
||
|
+ InputStream caStream = new FileInputStream(cafile);
|
||
|
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
|
||
|
+ ks.setCertificateEntry("CA", ca);
|
||
|
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
|
||
|
+ File crlcert = new File(crlfile);
|
||
|
+ if (!crlcert.exists() || !crlcert.canRead()) {
|
||
|
+ params.setRevocationEnabled(false);
|
||
|
+ } else {
|
||
|
+ InputStream crlStream = new FileInputStream(crlfile);
|
||
|
+ Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
|
||
|
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
|
||
|
+ CertStore store = CertStore.getInstance("Collection", csp);
|
||
|
+ params.addCertStore(store);
|
||
|
+ params.setRevocationEnabled(true);
|
||
|
+ }
|
||
|
+ tmf.init(new CertPathTrustManagerParameters(params));
|
||
|
}
|
||
|
- tmf.init(new CertPathTrustManagerParameters(params));
|
||
|
} catch (java.io.FileNotFoundException e) {
|
||
|
vlog.error(e.toString());
|
||
|
} catch (java.io.IOException e) {
|
||
|
--
|
||
|
2.1.4
|
||
|
|