fix: DST ROOT CA X3 has already expired. Closes #1100.

2025-04-24 18:50:52 +08:00 · 2021-10-16 19:09:50 +08:00 · 2021-10-16 19:09:50 +08:00 · 67d38d6333
commit 67d38d6333
parent 513d101fc4
1 changed files with 27 additions and 24 deletions
--- a/HMCL/src/main/java/org/jackhuang/hmcl/Main.java
+++ b/HMCL/src/main/java/org/jackhuang/hmcl/Main.java
@ -20,7 +20,9 @@ package org.jackhuang.hmcl;
 import org.jackhuang.hmcl.util.Logging;
 import org.jackhuang.hmcl.util.SelfDependencyPatcher;

-import javax.net.ssl.*;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
 import javax.swing.*;
 import java.io.File;
 import java.io.IOException;
@ -33,7 +35,6 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.concurrent.CancellationException;
 import java.util.logging.Level;
@ -62,7 +63,7 @@ public final class Main {
        // This environment check will take ~300ms
        thread(() -> {
            fixLetsEncrypt();
-            checkDSTRootCAX3();
+//            checkDSTRootCAX3();
        }, "CA Certificate Check", true);

        Logging.start(Metadata.HMCL_DIRECTORY.resolve("logs"));
@ -106,27 +107,29 @@ public final class Main {
        }
    }

-    private static void checkDSTRootCAX3() {
-        TrustManagerFactory tmf;
-        try {
-            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-            tmf.init((KeyStore) null);
-        } catch (NoSuchAlgorithmException | KeyStoreException e) {
-            LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e);
-            // don't know what to do here
-            return;
-        }
-        for (TrustManager tm : tmf.getTrustManagers()) {
-            if (tm instanceof X509TrustManager) {
-                for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
-                    if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) {
-                        return;
-                    }
-                }
-            }
-        }
-        showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3"));
-    }
+    // Lets Encrypt uses ISRG Root X1 as root certificate instead.
+
+//    private static void checkDSTRootCAX3() {
+//        TrustManagerFactory tmf;
+//        try {
+//            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+//            tmf.init((KeyStore) null);
+//        } catch (NoSuchAlgorithmException | KeyStoreException e) {
+//            LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e);
+//            // don't know what to do here
+//            return;
+//        }
+//        for (TrustManager tm : tmf.getTrustManagers()) {
+//            if (tm instanceof X509TrustManager) {
+//                for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
+//                    if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) {
+//                        return;
+//                    }
+//                }
+//            }
+//        }
+//        showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3"));
+//    }

    /**
     * Indicates that a fatal error has occurred, and that the application cannot start.