diff options
author | Brian P. Hinz <bphinz@users.sf.net> | 2015-09-13 10:56:23 -0400 |
---|---|---|
committer | Brian P. Hinz <bphinz@users.sf.net> | 2015-09-13 10:58:37 -0400 |
commit | 3ee966ed4e2334368c40f4f3e28de1d1c6bb4159 (patch) | |
tree | acf22e0d179fae729ff8e2e3398e150590d8fb32 /java | |
parent | 95f39a5685bbf389200e0c7abea5d7db50755572 (diff) | |
download | tigervnc-3ee966ed4e2334368c40f4f3e28de1d1c6bb4159.tar.gz tigervnc-3ee966ed4e2334368c40f4f3e28de1d1c6bb4159.zip |
Handle CA chain certificates
Allow the Java client to read CA certificates containing multiple
certs concatenated together.
Diffstat (limited to 'java')
-rw-r--r-- | java/com/tigervnc/rfb/CSecurityTLS.java | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java index a3246c5f..cc776fc9 100644 --- a/java/com/tigervnc/rfb/CSecurityTLS.java +++ b/java/com/tigervnc/rfb/CSecurityTLS.java @@ -230,10 +230,13 @@ public class CSecurityTLS extends CSecurity { File cacert = new File(cafile); if (cacert.exists() && cacert.canRead()) { InputStream caStream = new FileInputStream(cafile); - Certificate cert = cf.generateCertificate(caStream); - String dn = - ((X509Certificate)cert).getSubjectX500Principal().getName(); - ks.setCertificateEntry(dn, (X509Certificate)cert); + Collection<? extends Certificate> cacerts = + cf.generateCertificates(caStream); + for (Certificate cert : cacerts) { + String dn = + ((X509Certificate)cert).getSubjectX500Principal().getName(); + ks.setCertificateEntry(dn, (X509Certificate)cert); + } } PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector()); |