Bug 786775

Summary: icedtea-web fail to download JARs on https locations
Product: [openSUSE] openSUSE 12.2 Reporter: Cedric Devillers <cedric.devillers>
Component: Java Assignee: Michal Vyskocil <mvyskocil>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Critical    
Priority: P3 - Medium    
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE 12.2   
Whiteboard: maint:running:49994:moderate maint:released:sle11-sp2:50026
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 787846    

Description Cedric Devillers 2012-10-25 17:33:39 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0

With icedtea-web, many proprietary Java applets failed to load. This is related to the fact that they are hosted on HTTPS web servers with a wrong certificate, and you cannot change it.

You see an error in the log (for example):
JAR https://XX.XX.XX.XX/data/auth/XvpnClientV2_2_3.jar not found. Continuing.
then a ClassNotFoundException

The path exists and you can wget the jar file, but icedtea-web cannot get it.

See a reference for these problems here: https://bugzilla.redhat.com/show_bug.cgi?id=753960

I can confirm this problem exists on HP ILO remote console and some SSL VPN applets.

In comment #16 there is a proposed patch that fixes the problem: https://bugzilla.redhat.com/show_bug.cgi?id=753960#c16

I've tried the patch mentioned in the redhat's bugzilla and indeed it solves the problem for me. I've built packages including this patch on OBS: https://build.opensuse.org/project/show?project=home%3Abran0k%3Abranches%3AopenSUSE%3A12.2%3AUpdate

Can you have a look at this problem and maybe include the patch proposed by redhat?

Reproducible: Always

Steps to Reproduce:
1. Try to load an applet hosted on an HTTPS web server with a wrong certificate (wrong hostname, most likely).
Actual Results:  
The applet cannot load.

Expected Results:  
The applet should be loaded even with a wrong certificate.
Comment 1 Michal Vyskocil 2012-10-29 13:03:26 UTC
(In reply to comment #0)
> User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101
> Firefox/16.0
> 
> With icedtea-web, many proprietary Java applets failed to load. This is related
> to the fact that they are hosted on HTTPS web servers with a wrong certificate,
> and you cannot change it.
> 
> You see an error in the log (for example):
> JAR https://XX.XX.XX.XX/data/auth/XvpnClientV2_2_3.jar not found. Continuing.
> then a ClassNotFoundException
> 
> The path exists and you can wget the jar file, but icedtea-web cannot get it.
> 
> See a reference for these problems here:
> https://bugzilla.redhat.com/show_bug.cgi?id=753960

Cool, sounds great! There are a few other similar bugs (all connected with SSL and unsigned stuff), so I'll ask for a test before the update.
Comment 2 Michal Vyskocil 2012-11-08 09:15:51 UTC
The self-signed issue has been added to icedtea-web 1.3.1 - an update is
handled in bnc#787846.
Comment 3 Bernhard Wiedemann 2012-11-14 13:31:03 UTC
This is an autogenerated message for OBS integration:
This bug (786775) was mentioned in
https://build.opensuse.org/request/show/141112
https://build.opensuse.org/request/show/141113
Comment 4 Bernhard Wiedemann 2012-11-14 13:43:32 UTC
This is an autogenerated message for OBS integration:
This bug (786775) was mentioned in
https://build.opensuse.org/request/show/141254
Comment 5 Swamp Workflow Management 2012-11-20 13:54:03 UTC
Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
Comment 6 Swamp Workflow Management 2012-11-22 10:13:52 UTC
openSUSE-SU-2012:1524-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 784859,785333,786775,787846
CVE References: CVE-2012-4540
Sources used:
openSUSE 12.2 (src):    icedtea-web-1.3.1-1.9.1
openSUSE 12.1 (src):    icedtea-web-1.3.1-17.1
Comment 7 Bernhard Wiedemann 2012-11-25 02:00:35 UTC
This is an autogenerated message for OBS integration:
This bug (786775) was mentioned in
https://build.opensuse.org/request/show/142728 Evergreen:11.2 / icedtea-web
Comment 8 Bernhard Wiedemann 2012-11-30 18:01:12 UTC
This is an autogenerated message for OBS integration:
This bug (786775) was mentioned in
https://build.opensuse.org/request/show/142995 Evergreen:11.2 / icedtea-web
Comment 9 Michal Vyskocil 2012-12-03 08:36:53 UTC
released, fixed