From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
From: Michal Srb
Date: Tue, 7 Jul 2015 02:09:21 +0300
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is not specified.
---
 java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6f799bb..7633f08 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
 try {
 ks.load(null, null);
 File cacert = new File(cafile);
- if (!cacert.exists() || !cacert.canRead())
- return;
- InputStream caStream = new FileInputStream(cafile);
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
- ks.setCertificateEntry("CA", ca);
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
- File crlcert = new File(crlfile);
- if (!crlcert.exists() || !crlcert.canRead()) {
- params.setRevocationEnabled(false);
+ if (!cacert.exists() || !cacert.canRead()) {
+ tmf.init((KeyStore)null); // Use default trust manager
 } else {
- InputStream crlStream = new FileInputStream(crlfile);
- Collection crls = cf.generateCRLs(crlStream);
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
- CertStore store = CertStore.getInstance("Collection", csp);
- params.addCertStore(store);
- params.setRevocationEnabled(true);
+ InputStream caStream = new FileInputStream(cafile);
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
+ ks.setCertificateEntry("CA", ca);
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
+ File crlcert = new File(crlfile);
+ if (!crlcert.exists() || !crlcert.canRead()) {
+ params.setRevocationEnabled(false);
+ } else {
+ InputStream crlStream = new FileInputStream(crlfile);
+ Collection crls = cf.generateCRLs(crlStream);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ params.addCertStore(store);
+ params.setRevocationEnabled(true);
+ }
+ tmf.init(new CertPathTrustManagerParameters(params));
 }
- tmf.init(new CertPathTrustManagerParameters(params));
 } catch (java.io.FileNotFoundException e) {
 vlog.error(e.toString());
 } catch (java.io.IOException e) {
--
2.1.4
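Review bot: The new `if (!cacert.exists() || !cacert.canRead())` branch also fires when a CA file was configured but is missing or unreadable, so a mistyped path silently widens trust from one pinned CA to the whole platform trust store. That branch also never looks at `crlfile`, so a configured CRL is ignored whenever the default trust manager is used. I would at least make the fallback visible, e.g. `vlog.error("CA file " + cafile + " is not readable; using the default trust store");`, and, if the caller can tell an explicitly set path from a default one (not visible here), refuse to connect in the explicit case. Separately, `caStream` and `crlStream` are never closed. The enclosing try block and method start outside the hunk.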