Bug 1512646 - patch "https preferred over http" break some KVM jnlp files
Summary: patch "https preferred over http" break some KVM jnlp files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: icedtea-web
Version: 26
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: jiri vanek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-13 18:45 UTC by Fabrice Bellet
Modified: 2018-01-03 21:32 UTC (History)
4 users (show)

Fixed In Version: icedtea-web-1.7.1-1.fc26 icedtea-web-1.7.1-1.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-03 21:19:11 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Fabrice Bellet 2017-11-13 18:45:33 UTC 
Hi!

I noticed that this patch breaks jnlp files having the port number hardcoded in the codebase url, like some Avocent KVM :

<jnlp spec="1.0+" codebase="http://kvm.example.com:80/viewers">

It causes long timeouts, while https://kvm.example.com:80/viewers/... url are tested, and fail.
Comment 1 jiri vanek 2017-11-15 15:00:42 UTC 
So the everything works, just take longer time?

Because to make this configure-able, is not exactly easy step. But is doable if it really breaks stuff.
Comment 2 Fabrice Bellet 2017-11-16 17:28:28 UTC 
Yes, the timeout is around 45s-60s, so not completely anecdotal. Ideally replacing http by https in the url should also take care to remove the port number in the same url when it exists. In the case of this particular KVM, the same content is also available in https on  port 443.
Comment 3 Luca Giuzzi 2017-12-05 20:34:15 UTC 
I have the same problem with some urls where the port is not hardcoded (but the app should be served over http).

See this page: 
http://www.agenziaentrate.gov.it/wps/content/nsilib/nsi/home/cosadevifare/versare/f24/sw+compilazione+f24#software

[the link is: http://jws.agenziaentrate.it/jws/F24/F24OnLine.jnlp and I also tried running javaws directly]
Comment 4 Luca Giuzzi 2017-12-06 07:42:18 UTC 
(incidentally: my problem is on f27; I have not tested on f26)
Comment 5 Luca Giuzzi 2017-12-06 11:44:16 UTC 
I have recompiled icedtea-web from the repository (tip: 1478:8fc0a95eb645)
If I comment  line 103 in ResourceUrlCreator.java preferring https to http (see changeset 1398:0789465aecc8)
then everything works nicely (otherwise I had to give up starting the application after 2 hours).

I understand that the site of "agenziaentrate" does not follow the correct policy of serving the applets via https; however I would consider this a relevant bug for some real-world uses.

Should this be escalated to upstream?
Comment 6 jiri vanek 2017-12-06 12:19:47 UTC 
well, i'm the upstream:)

I will add backward compatibility switch for you, does it sound correct?
Comment 7 Luca Giuzzi 2017-12-06 12:24:23 UTC 
That would be fine ;)
Thanks!
Comment 8 jiri vanek 2017-12-08 14:32:25 UTC 
If you mind to check http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2017-December/039040.html ,  does it suit your needs?
Comment 9 Luca Giuzzi 2017-12-08 20:19:38 UTC 
That change would be fine with me.
Comment 10 Fedora Update System 2017-12-19 10:17:57 UTC 
icedtea-web-1.7.1-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-0517b0fc3a
Comment 11 Fedora Update System 2017-12-19 10:18:57 UTC 
icedtea-web-1.7.1-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-11b43f49a4
Comment 12 Fedora Update System 2018-01-03 21:19:11 UTC 
icedtea-web-1.7.1-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2018-01-03 21:32:50 UTC 
icedtea-web-1.7.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.