fix: DST ROOT CA X3 has already expired. Closes #1100.

huanghongxun
2021-10-16 19:09:50 +08:00
parent 513d101fc4
commit 67d38d6333


@@ -20,7 +20,9 @@ package org.jackhuang.hmcl;
import org.jackhuang.hmcl.util.Logging; import org.jackhuang.hmcl.util.Logging;
import org.jackhuang.hmcl.util.SelfDependencyPatcher; import org.jackhuang.hmcl.util.SelfDependencyPatcher;
import javax.net.ssl.*; import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.swing.*; import javax.swing.*;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
@@ -33,7 +35,6 @@ import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
import java.util.concurrent.CancellationException; import java.util.concurrent.CancellationException;
import java.util.logging.Level; import java.util.logging.Level;
@@ -62,7 +63,7 @@ public final class Main {
// This environment check will take ~300ms // This environment check will take ~300ms
thread(() -> { thread(() -> {
fixLetsEncrypt(); fixLetsEncrypt();
checkDSTRootCAX3(); // checkDSTRootCAX3();
}, "CA Certificate Check", true); }, "CA Certificate Check", true);
Logging.start(Metadata.HMCL_DIRECTORY.resolve("logs")); Logging.start(Metadata.HMCL_DIRECTORY.resolve("logs"));
@@ -106,27 +107,29 @@ public final class Main {
} }
} }
private static void checkDSTRootCAX3() { // Lets Encrypt uses ISRG Root X1 as root certificate instead.
TrustManagerFactory tmf;
try { // private static void checkDSTRootCAX3() {
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // TrustManagerFactory tmf;
tmf.init((KeyStore) null); // try {
} catch (NoSuchAlgorithmException | KeyStoreException e) { // tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e); // tmf.init((KeyStore) null);
// don't know what to do here // } catch (NoSuchAlgorithmException | KeyStoreException e) {
return; // LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e);
} // // don't know what to do here
for (TrustManager tm : tmf.getTrustManagers()) { // return;
if (tm instanceof X509TrustManager) { // }
for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) { // for (TrustManager tm : tmf.getTrustManagers()) {
if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) { // if (tm instanceof X509TrustManager) {
return; // for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
} // if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) {
} // return;
} // }
} // }
showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3")); // }
} // }
// showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3"));
// }
/** /**
* Indicates that a fatal error has occurred, and that the application cannot start. * Indicates that a fatal error has occurred, and that the application cannot start.
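Review bot: The disabled check in the last hunk is left behind as about twenty commented-out lines plus a commented-out call (`// checkDSTRootCAX3();`), which keeps dead trust-store logic in `Main` where it can be re-enabled by accident; deleting the method and the call would be cleaner, since the history preserves the old code. With the check gone, the "CA Certificate Check" thread relies entirely on `fixLetsEncrypt()`, whose body is outside this section, so it is worth confirming there that a failure to install the replacement root is logged rather than silently ignored; otherwise a user on a JRE whose default trust store lacks ISRG Root X1 would presumably only see unexplained TLS handshake failures. I would keep a single explanatory comment such as `// Let's Encrypt now chains to ISRG Root X1; DST Root CA X3 has expired, so its presence is no longer checked.` The `fatal.missing_dst_root_ca_x3` message key presumably becomes unused and can be dropped from the resource bundles in the same change.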