Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
===================================================================
--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
+++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
 public static StringParameter X509CRL = new StringParameter("X509CRL", "X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static StringParameter x509autoaccept
+ = new StringParameter("x509autoaccept",
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
 public static UserMsgBox msg;
 private void initGlobal()
@@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur
 setDefaults();
 cafile = X509CA.getData();
 crlfile = X509CRL.getData();
+ certautoaccept = x509autoaccept.getData();
 }
 public static String getDefaultCA() {
@@ -278,6 +282,7 @@ public class CSecurityTLS extends CSecur
 "do you want to continue?"))
 throw new AuthFailureException("server certificate has expired");
 }
+ String thumbprint = getThumbprint(cert);
 File vncDir = new File(FileUtils.getVncHomeDir());
 if (!vncDir.exists()) {
 try {
@@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur
 store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
 } catch (java.lang.Exception e) {
 if (e.getCause() instanceof CertPathBuilderException) {
+ if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) {
+ return;
+ }
 vlog.debug("Server host not previously known");
 vlog.debug(info);
 String text =
@@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur
 private SSLEngineManager manager;
 private boolean anon;
- private String cafile, crlfile;
+ private String cafile, crlfile, certautoaccept;
 private FdInStream is;
 private FdOutStream os;
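Review bot: The `x509autoaccept` parameter added in the `@@ -66,6 +66,9 @@` hunk pins a server certificate by its SHA-1 fingerprint, and the help text `"X509 Certificate SHA-1 fingerprint"` says neither that a match suppresses the unknown-certificate prompt nor what textual form the value must take. SHA-1 is no longer recommended for identifying certificates, so a SHA-256 pin would be the safer choice if `getThumbprint` (not visible in this patch) can be made to produce one. At minimum the description should state the effect, for example `"SHA-1 fingerprint of a server certificate to trust without prompting"`. The lower-case name also departs from the neighbouring `X509CA` and `X509CRL` parameters.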
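Review bot: The early `return` added in the `@@ -337,6 +342,9 @@` hunk accepts a certificate that failed path validation without leaving any trace, and it also skips whatever the method does after this catch block, which lies outside the hunk. A trust decision that bypasses the prompt should be recorded, e.g. `vlog.info("Server certificate accepted: fingerprint matches x509autoaccept");` before the `return`, and the rest of the method should be checked for steps that must still run on this path. The comparison dereferences `thumbprint`, so if `getThumbprint` (defined outside this patch) can return null it will throw from inside the catch block; `certautoaccept.equalsIgnoreCase(thumbprint)` avoids that. Since the parameter appears to default to `""`, the `!= null` test is never the deciding guard, and `!certautoaccept.isEmpty()` would state the intent directly.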