Suggest accepting SSL certificate if CN mismatch is detected

[GoogleCodeExporter]

This report was sent by email:

Summary
I have a valid (working with other apps) WebDAV resource setup using a hosting 
company's (justhost.com) Web Disk application. The GanntProject menu -> Project 
-> Web Server -> (open from server/save to a server) do not work. A valid 
WebDAV server is configured.

Problem
During the authentication process, the justhost certificate is presented for 
the domain that I have purchased and is hosted by justhost. Since the cert 
doesn't match, a spoof is assumed. I have attached the log lines below 
articulating this error.

Analysis
Other OSes (Windows and Linux) experience this same issue but handle it. They 
throw dialogs identifying the certificate mismatches. In addition, an override 
is allowed. This is an acceptable case because I understand the certificate 
deltas. Unfortunately because this is being handled in the Java security 
classes a java handler has to be provided. I did not look to see if there was 
as common java handler class that would make this easy to integrate into the 
application. Maybe an OS system call? I am sorry I haven't written a lot of 
code in this space.

Proposed fix
Throw dialogs containing the cert names and allow the user to accept the 
override and install the overriding cert.

Original issue reported on code.google.com by dbarashev on 21 Mar 2014 at 1:23

Attachments:

• log.txt