tigervnc/u_tigervnc-Add-autoaccept-parameter.patch

Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
===================================================================
--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
+++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecurity {
   public static StringParameter X509CRL
   = new StringParameter("X509CRL",
                         "X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+  public static StringParameter x509autoaccept
+  = new StringParameter("x509autoaccept",
+                        "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
 
   private void initGlobal()
   {
@@ -84,6 +87,7 @@ public class CSecurityTLS extends CSecurity {
     setDefaults();
     cafile = X509CA.getData();
     crlfile = X509CRL.getData();
+    certautoaccept = x509autoaccept.getData();
   }
 
   public static String getDefaultCA() {
@@ -277,6 +281,7 @@ public class CSecurityTLS extends CSecurity {
 			      "do you want to continue?"))
           throw new AuthFailureException("server certificate has expired");
       }
+      String thumbprint = getThumbprint(cert);
       File vncDir = new File(FileUtils.getVncStateDir());
       if (!vncDir.exists()) {
         try {
@@ -336,6 +341,9 @@ public class CSecurityTLS extends CSecurity {
         store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
       } catch (java.lang.Exception e) {
         if (e.getCause() instanceof CertPathBuilderException) {
+          if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) {
+            return;
+          }
           vlog.debug("Server host not previously known");
           vlog.debug(info);
           String text =
@@ -522,7 +530,7 @@ public class CSecurityTLS extends CSecurity {
   private SSLEngineManager manager;
   private boolean anon;
 
-  private String cafile, crlfile;
+  private String cafile, crlfile, certautoaccept;
   private FdInStream is;
   private FdOutStream os;