SHA256
1
0
forked from pool/tigervnc
tigervnc/u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch

61 lines
2.8 KiB
Diff
Raw Normal View History

From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:09:21 +0300
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is
not specified.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6f799bb..7633f08 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
try {
ks.load(null, null);
File cacert = new File(cafile);
- if (!cacert.exists() || !cacert.canRead())
- return;
- InputStream caStream = new FileInputStream(cafile);
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
- ks.setCertificateEntry("CA", ca);
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
- File crlcert = new File(crlfile);
- if (!crlcert.exists() || !crlcert.canRead()) {
- params.setRevocationEnabled(false);
+ if (!cacert.exists() || !cacert.canRead()) {
+ tmf.init((KeyStore)null); // Use default trust manager
} else {
- InputStream crlStream = new FileInputStream(crlfile);
- Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
- CertStore store = CertStore.getInstance("Collection", csp);
- params.addCertStore(store);
- params.setRevocationEnabled(true);
+ InputStream caStream = new FileInputStream(cafile);
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
+ ks.setCertificateEntry("CA", ca);
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
+ File crlcert = new File(crlfile);
+ if (!crlcert.exists() || !crlcert.canRead()) {
+ params.setRevocationEnabled(false);
+ } else {
+ InputStream crlStream = new FileInputStream(crlfile);
+ Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ params.addCertStore(store);
+ params.setRevocationEnabled(true);
+ }
+ tmf.init(new CertPathTrustManagerParameters(params));
}
- tmf.init(new CertPathTrustManagerParameters(params));
} catch (java.io.FileNotFoundException e) {
vlog.error(e.toString());
} catch (java.io.IOException e) {
--
2.1.4