tigervnc/u_tigervnc-add-autoaccept-parameter.patch

diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6014502..9b886b5 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
   public static StringParameter x509crl
   = new StringParameter("x509crl",
                         "X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+  public static StringParameter x509autoaccept
+  = new StringParameter("x509autoaccept",
+                        "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
 
   private void initGlobal()
   {
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
     setDefaults();
     cafile = x509ca.getData();
     crlfile = x509crl.getData();
+    certautoaccept = x509autoaccept.getData();
   }
 
   public static String getDefaultCA() {
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
       try {
 	      tm.checkServerTrusted(chain, authType);
       } catch (CertificateException e) {
-        Object[] answer = {"Proceed", "Exit"};
-
-        StringBuilder message = new StringBuilder();
-        message.append(e.getCause().getLocalizedMessage());
-        message.append("\nContinue connecting to this host?");
+        String fingerprint = null;
 
         try {
+          StringBuilder fingerprintBuilder = new StringBuilder();
+
           MessageDigest sha1 = MessageDigest.getInstance("SHA1");
           sha1.update(chain[0].getEncoded());
 
-          message.append("\nSHA-1 fingerprint: ");
-
           for(byte B : sha1.digest()) {
-            message.append(Integer.toHexString(0xff & B));
-            message.append(':');
+            fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
+            fingerprintBuilder.append(':');
           }
-          message.deleteCharAt(message.length() - 1);
+          fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
+
+          fingerprint = fingerprintBuilder.toString();
         } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
           // No fingerprint then...
         }
 
-        int ret = JOptionPane.showOptionDialog(null,
-          message.toString(),
-          "Confirm certificate exception?",
-          JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
-          null, answer, answer[0]);
-        if (ret == JOptionPane.NO_OPTION)
-          System.exit(1);
+        if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
+          Object[] answer = {"Proceed", "Exit"};
+
+          StringBuilder message = new StringBuilder();
+          message.append(e.getCause().getLocalizedMessage());
+          message.append("\nContinue connecting to this host?");
+          if(fingerprint != null) {
+            message.append("\nSHA-1 fingerprint: ");
+            message.append(fingerprint);
+            message.append("\nBle: ");
+            message.append(certautoaccept);
+          }
+
+          int ret = JOptionPane.showOptionDialog(null,
+            message.toString(),
+            "Confirm certificate exception?",
+            JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
+            null, answer, answer[0]);
+          if (ret == JOptionPane.NO_OPTION)
+            System.exit(1);
+        }
       } catch (java.lang.Exception e) {
         throw new Exception(e.toString());
       }
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
   private SSLEngineManager manager;
   private boolean anon;
 
-  private String cafile, crlfile;
+  private String cafile, crlfile, certautoaccept;
   private FdInStream is;
   private FdOutStream os;
 
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
index cc21c2e..6786636 100644
--- a/java/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
     parent.setFocusTraversalKeysEnabled(false);
     setLookAndFeel();
     setBackground(Color.white);
+
+    SecurityClient.setDefaults();
   }
 
   private void getTimestamp() {
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
     if (embed.getValue() && nViewers == 0) {
       alwaysShowServerDialog.setParam(false);
       Configuration.global().readAppletParams(this);
+      Configuration.viewer().readAppletParams(this);
       fullScreen.setParam(false);
       scalingFactor.setParam("100");
       String host = getCodeBase().getHost();