From 3ee966ed4e2334368c40f4f3e28de1d1c6bb4159 Mon Sep 17 00:00:00 2001
From: "Brian P. Hinz" <bphinz@users.sf.net>
Date: Sun, 13 Sep 2015 10:56:23 -0400
Subject: [PATCH] Handle CA chain certificates

Allow the Java client to read CA certificates containing multiple
certs concatenated together.
---
 java/com/tigervnc/rfb/CSecurityTLS.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index a3246c5f..cc776fc9 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -230,10 +230,13 @@ public class CSecurityTLS extends CSecurity {
         File cacert = new File(cafile);
         if (cacert.exists() && cacert.canRead()) {
           InputStream caStream = new FileInputStream(cafile);
-          Certificate cert = cf.generateCertificate(caStream);
-          String dn = 
-            ((X509Certificate)cert).getSubjectX500Principal().getName();
-          ks.setCertificateEntry(dn, (X509Certificate)cert);
+          Collection<? extends Certificate> cacerts =
+            cf.generateCertificates(caStream);
+          for (Certificate cert : cacerts) {
+            String dn =
+              ((X509Certificate)cert).getSubjectX500Principal().getName();
+            ks.setCertificateEntry(dn, (X509Certificate)cert);
+          }
         }
         PKIXBuilderParameters params =
           new PKIXBuilderParameters(ks, new X509CertSelector());
-- 
2.39.5