From 67d38d63332d6ee1ca2a399bb5a6a1178cb831da Mon Sep 17 00:00:00 2001
From: huanghongxun
Date: Sat, 16 Oct 2021 19:09:50 +0800
Subject: [PATCH] fix: DST ROOT CA X3 has already expired. Closes #1100.
---
 .../main/java/org/jackhuang/hmcl/Main.java | 51 ++++++++++---------
 1 file changed, 27 insertions(+), 24 deletions(-)
diff --git a/HMCL/src/main/java/org/jackhuang/hmcl/Main.java b/HMCL/src/main/java/org/jackhuang/hmcl/Main.java
index b4dd8f7cc..b31a07141 100644
--- a/HMCL/src/main/java/org/jackhuang/hmcl/Main.java
+++ b/HMCL/src/main/java/org/jackhuang/hmcl/Main.java
@@ -20,7 +20,9 @@ package org.jackhuang.hmcl;
 import org.jackhuang.hmcl.util.Logging;
 import org.jackhuang.hmcl.util.SelfDependencyPatcher;
-import javax.net.ssl.*;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
 import javax.swing.*;
 import java.io.File;
 import java.io.IOException;
@@ -33,7 +35,6 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.concurrent.CancellationException;
 import java.util.logging.Level;
@@ -62,7 +63,7 @@ public final class Main {
 // This environment check will take ~300ms
 thread(() -> {
 fixLetsEncrypt();
- checkDSTRootCAX3();
+// checkDSTRootCAX3();
 }, "CA Certificate Check", true);
 Logging.start(Metadata.HMCL_DIRECTORY.resolve("logs"));
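Review bot: With `checkDSTRootCAX3()` commented out in the "CA Certificate Check" thread of the third hunk, no visible code warns the user when the JRE trust store cannot validate Let's Encrypt chains; only `fixLetsEncrypt()` still runs, and its body is outside the hunk. Older JREs whose default trust store lacks ISRG Root X1 presumably depend on that method succeeding, so if it fails the first symptom would be an unexplained TLS handshake error. Consider replacing the removed check with one that looks for ISRG Root X1 among the accepted issuers and shows a warning when it is absent, or confirm that `fixLetsEncrypt()` surfaces its own failure to the user. The enclosing method starts and ends outside the hunk.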
@@ -106,27 +107,29 @@ public final class Main {
 }
 }
- private static void checkDSTRootCAX3() {
- TrustManagerFactory tmf;
- try {
- tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init((KeyStore) null);
- } catch (NoSuchAlgorithmException | KeyStoreException e) {
- LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e);
- // don't know what to do here
- return;
- }
- for (TrustManager tm : tmf.getTrustManagers()) {
- if (tm instanceof X509TrustManager) {
- for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
- if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) {
- return;
- }
- }
- }
- }
- showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3"));
- }
+ // Lets Encrypt uses ISRG Root X1 as root certificate instead.
+
+// private static void checkDSTRootCAX3() {
+// TrustManagerFactory tmf;
+// try {
+// tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+// tmf.init((KeyStore) null);
+// } catch (NoSuchAlgorithmException | KeyStoreException e) {
+// LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e);
+// // don't know what to do here
+// return;
+// }
+// for (TrustManager tm : tmf.getTrustManagers()) {
+// if (tm instanceof X509TrustManager) {
+// for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
+// if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) {
+// return;
+// }
+// }
+// }
+// }
+// showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3"));
+// }
 /**
 * Indicates that a fatal error has occurred, and that the application cannot start.
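Review bot: The body of `checkDSTRootCAX3()` is kept as `//` comments, but the same commit narrows `javax.net.ssl.*` to three named classes and drops the `X509Certificate` import, so the block would not compile if uncommented (`TrustManager`, `X509TrustManager` and `X509Certificate` are unresolved). Delete the method and the commented call in the third hunk instead, and let version control hold the history. The resource key `fatal.missing_dst_root_ca_x3` then looks unused and could be removed as well, if nothing else references it. The one-line explanation would be clearer with the reason stated, for example `// DST Root CA X3 expired on 2021-09-30; Let's Encrypt chains now anchor at ISRG Root X1, so its absence is no longer an error.`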