Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java =================================================================== --- tigervnc-1.10.1.orig/java/com/tigervnc/rfb/CSecurityTLS.java +++ tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java @@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur public static StringParameter X509CRL = new StringParameter("X509CRL", "X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer); + public static StringParameter x509autoaccept + = new StringParameter("x509autoaccept", + "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer); public static UserMsgBox msg; private void initGlobal() @@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur setDefaults(); cafile = X509CA.getData(); crlfile = X509CRL.getData(); + certautoaccept = x509autoaccept.getData(); } public static String getDefaultCA() { @@ -278,6 +282,7 @@ public class CSecurityTLS extends CSecur "do you want to continue?")) throw new AuthFailureException("server certificate has expired"); } + String thumbprint = getThumbprint(cert); File vncDir = new File(FileUtils.getVncHomeDir()); if (!vncDir.exists()) throw new AuthFailureException("Could not obtain VNC home directory "+ @@ -332,6 +337,9 @@ public class CSecurityTLS extends CSecur store_pubkey(dbPath, client.getServerName().toLowerCase(), pk); } catch (java.lang.Exception e) { if (e.getCause() instanceof CertPathBuilderException) { + if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) { + return; + } vlog.debug("Server host not previously known"); vlog.debug(info); String text = @@ -519,7 +527,7 @@ public class CSecurityTLS extends CSecur private SSLEngineManager manager; private boolean anon; - private String cafile, crlfile; + private String cafile, crlfile, certautoaccept; private FdInStream is; private FdOutStream os; Index: tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java =================================================================== --- tigervnc-1.10.1.orig/java/com/tigervnc/vncviewer/VncViewer.java +++ tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java @@ -393,6 +393,8 @@ public class VncViewer extends javax.swi // Called right after zero-arg constructor in applet mode setLookAndFeel(); setBackground(Color.white); + + SecurityClient.setDefaults(); applet = this; vncServerName.put(loadAppletParameters(applet).toCharArray()).flip(); if (embed.getValue()) {