[icedtea-web] RFC: RH738814 - Access denied at ssl handshake

Omair Majid omajid at redhat.com
Mon Sep 19 14:51:42 PDT 2011


The attached patch should address RH738814 [1]

The stack trace of the exception shows that code in 
VariableX509TrustManager tries do show a prompt which needs all 
permissions. Since the method call was originally from an untrusted 
applet, these permissions are missing and a security exception is thrown.

Something along this line was anticipated earlier [2], but my fix may 
have been too broad. So now that we have a stack trace, I have a more 
focused patch. Any thoughts or comments?

The patch is for HEAD, but applies to 1.1 as well. It should also apply 
to 1.0 after trivial changes - though I am not sure if that's something 
we should do.

2011-09-19  Omair Majid  <omajid at redhat.com>

   * netx/net/sourceforge/jnlp/security/SecurityDialogs.java
   (showCertWarningDialog): Add a javadoc comment.
   * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
   (askUser): Wrap the call to showCertWarningDialog in a doPrivileged


[1] https://bugzilla.redhat.com/show_bug.cgi?id=738814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icedtea-web-ask-user-privileged-01.patch
Type: text/x-patch
Size: 2949 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110919/7248f567/icedtea-web-ask-user-privileged-01.patch 

More information about the distro-pkg-dev mailing list