forked from pool/tigervnc
f3919e3250
- Updated to tigervnc 1.5.0. - Dropped no longer needed patches: * tigervnc-sf3495623.patch * u_syslog.patch * u_tigervnc-build-with-xserver-1.17.patch - Use encryption everywhere. (fate#318936) - Work with fltk 1.3.2. * N_tigervnc_revert_fltk_1_3_3_requirements.patch OBS-URL: https://build.opensuse.org/request/show/316948 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=58
61 lines
2.8 KiB
Diff
61 lines
2.8 KiB
Diff
From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
|
|
From: Michal Srb <michalsrb@gmail.com>
|
|
Date: Tue, 7 Jul 2015 02:09:21 +0300
|
|
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is
|
|
not specified.
|
|
|
|
---
|
|
java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
|
|
1 file changed, 18 insertions(+), 16 deletions(-)
|
|
|
|
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
index 6f799bb..7633f08 100644
|
|
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
|
|
try {
|
|
ks.load(null, null);
|
|
File cacert = new File(cafile);
|
|
- if (!cacert.exists() || !cacert.canRead())
|
|
- return;
|
|
- InputStream caStream = new FileInputStream(cafile);
|
|
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
|
|
- ks.setCertificateEntry("CA", ca);
|
|
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
|
|
- File crlcert = new File(crlfile);
|
|
- if (!crlcert.exists() || !crlcert.canRead()) {
|
|
- params.setRevocationEnabled(false);
|
|
+ if (!cacert.exists() || !cacert.canRead()) {
|
|
+ tmf.init((KeyStore)null); // Use default trust manager
|
|
} else {
|
|
- InputStream crlStream = new FileInputStream(crlfile);
|
|
- Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
|
|
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
|
|
- CertStore store = CertStore.getInstance("Collection", csp);
|
|
- params.addCertStore(store);
|
|
- params.setRevocationEnabled(true);
|
|
+ InputStream caStream = new FileInputStream(cafile);
|
|
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
|
|
+ ks.setCertificateEntry("CA", ca);
|
|
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
|
|
+ File crlcert = new File(crlfile);
|
|
+ if (!crlcert.exists() || !crlcert.canRead()) {
|
|
+ params.setRevocationEnabled(false);
|
|
+ } else {
|
|
+ InputStream crlStream = new FileInputStream(crlfile);
|
|
+ Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
|
|
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
|
|
+ CertStore store = CertStore.getInstance("Collection", csp);
|
|
+ params.addCertStore(store);
|
|
+ params.setRevocationEnabled(true);
|
|
+ }
|
|
+ tmf.init(new CertPathTrustManagerParameters(params));
|
|
}
|
|
- tmf.init(new CertPathTrustManagerParameters(params));
|
|
} catch (java.io.FileNotFoundException e) {
|
|
vlog.error(e.toString());
|
|
} catch (java.io.IOException e) {
|
|
--
|
|
2.1.4
|
|
|