[pve-devel] r5429 - in vncterm/pve2: . tigerpatches

Tue Jan 25 08:08:03 CET 2011

Author: dietmar
Date: 2011-01-25 08:08:03 +0100 (Tue, 25 Jan 2011)
New Revision: 5429

Modified:
   vncterm/pve2/VncViewer.jar
   vncterm/pve2/tigerpatches/trust-manager.patch
Log:
allow match against CA 


Modified: vncterm/pve2/VncViewer.jar
===================================================================
(Binary files differ)

Modified: vncterm/pve2/tigerpatches/trust-manager.patch
===================================================================

--- vncterm/pve2/tigerpatches/trust-manager.patch	2011-01-25 06:31:36 UTC (rev 5428)
+++ vncterm/pve2/tigerpatches/trust-manager.patch	2011-01-25 07:08:03 UTC (rev 5429)
@@ -6,8 +6,8 @@
 
 Index: new/java/src/com/tigervnc/vncviewer/X509Tunnel.java
 ===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/X509Tunnel.java	2011-01-24 15:39:36.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/X509Tunnel.java	2011-01-24 16:08:18.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/X509Tunnel.java	2011-01-18 07:12:12.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/X509Tunnel.java	2011-01-25 08:07:03.000000000 +0100
 @@ -26,13 +26,23 @@
  import javax.net.ssl.*;
  import java.security.*;
@@ -33,7 +33,7 @@
    }
  
    protected void setParam (SSLSocket sock)
-@@ -52,9 +62,42 @@
+@@ -52,9 +62,51 @@
    protected void initContext (SSLContext sc) throws java.security.
      GeneralSecurityException
    {
@@ -64,8 +64,17 @@
 +	    if (certs == null || certs.length > 1) {
 +	      throw new CertificateException("cert path too long");
 +	    }
++	    PublicKey cakey = pvecert.getPublicKey();
 +
-+	    if (!pvecert.equals(certs[0])) {
++	    boolean ca_match;
++	    try {
++	      certs[0].verify(cakey);
++	      ca_match = true;
++	    } catch (Exception e) {
++	      ca_match = false;
++	    }
++
++	    if (!ca_match && !pvecert.equals(certs[0])) {
 +	      throw new CertificateException("certificate does not match");
 +	    }
 +	  }
@@ -79,7 +88,7 @@
      sc.init (null, myTM, null);
    }
  
-@@ -100,4 +143,5 @@
+@@ -100,4 +152,5 @@
        return tm.getAcceptedIssuers ();
      }
    }
@@ -87,8 +96,8 @@
  }
 Index: new/java/src/com/tigervnc/vncviewer/RfbProto.java
 ===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/RfbProto.java	2011-01-24 15:39:36.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/RfbProto.java	2011-01-24 16:08:18.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/RfbProto.java	2011-01-18 07:12:12.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/RfbProto.java	2011-01-25 07:44:23.000000000 +0100
 @@ -411,7 +411,8 @@
      }
  
@@ -101,8 +110,8 @@
  
 Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
 ===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:15.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:18.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-25 07:44:23.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-25 07:44:23.000000000 +0100
 @@ -95,6 +95,8 @@
    int debugStatsExcludeUpdates;
    int debugStatsMeasureUpdates;


