3 plugin patches for 1.6
Andrew John Hughes
gnu_andrew at member.fsf.org
Mon Aug 24 13:42:21 PDT 2009
2009/8/24 Deepak Bhole <dbhole at redhat.com>:
> Attached are 3 plugin patches for the 1.6 release. These are the last of
> the patches that need to make it into 1.6.
> Patch 1: allow-cn-mismatch.patch
> Currently, if the hostname of a site does not match the certificate CN,
> the connection fails. This patch gives the user the option to bypass
> Patch 2: cookie-manager.patch
> This is more of a fix for bugs on serverside.. for example, webmin sets
> a cookie named " sid". The current cookie implementation in the plugin
> uses HttpCookie for storing cookies, which strips the initial space.
> Webmin cannot handle this, and fails. With the attached patch, cookies
> are handled in a different manner such that spaces don't get stripped.
> Patch 3: npefix-sigsegv.patch
> This patch fixes an NPE that can result if the panel has not been fully
> initialized (encountered on www.tdfx.ca)
> It also fixes a SIGSEGV issue that results if an applet tries to set a
> status message with a newline character.
> Combined ChangeLog:
> 2009-08-23 Deepak Bhole <dbhole at redhat.com>
> * rt/net/sourceforge/jnlp/resources/Messages.properties: Add new message
> key for CN name mismatches.
> * rt/net/sourceforge/jnlp/security/HttpsCertVerifier.java
> (HttpsCertVerifier): Accept new parameters that indicate certificate trust
> status, CN mismatch status, and the hostname.
> (getAlreadyTrustPublisher): Use provided isTrusted boolean to get around
> checkServerTrusted() synchronization.
> (getDetails): Include details about CN mismatch.
> (getNamesForCert): New private method. Returns all acceptable names for
> a given X509Certificate.
> (R): Overloaded the method to return messages that have 2 variables.
> * rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java: Extend
> X509ExtendedTrustManager rather than X509TrustManager.
> (checkClientTrusted): Overloaded method with one that takes a hostname.
> (checkServerTrusted): Same. The new overloaded method also checks for CN
> mismatch if the certificate is not explicitly trusted.
> (isExplicitlyTrusted): Returns if the given certificate chain is part of
> the local user trusted DB.
> (askUser): Change parameters to accept information about trust, host match
> status, and hostname.
> * plugin/icedtea/sun/applet/PluginCookieInfoRequest.java
> (parseReturn): Store cookie info as a string rather than a list of
> HttpCookie objects.
> (getObject): Return the new cookie string.
> * plugin/icedtea/sun/applet/PluginCookieManager.java: New file, extends
> CookieManager as is set as the default cookie manager for the plugin.
> * plugin/icedtea/sun/applet/PluginCookieStore.java : Deleted. New design
> uses a custom cookiemanager rather than just a custom store.
> * plugin/icedtea/sun/applet/PluginMain.java : Wire in the new cookie
> * plugin/icedtea/sun/applet/PluginAppletViewer.java
> (handleMessage): Wait until panel is set before pinging it for life status.
> (showStatus): Replace new lines with spaces, as the status is on a single
> line anyway.
As with Ed and Gary, I feel one of the issues with your patches is
that you are the only one who knows the code deeply enough. This is
something we need to fix.
I do a scan over the patches and they look ok to me (the third
especially is a trivial fix). I'd file a bug with webmin regarding
the cookie issue, as this is against the spec. which states that the
attribute name should be ' a sequence of non-special, non-white space
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the distro-pkg-dev