Windows XP
Colossus 0.14.0
Java 1.7.0_40
Problem: Publisher UNKNOWN...
...and this version of Java asserts that a future version will block apps by UNKNOWN publishers. See attached sceen capture. Please fix this before we're stopped from playing Colossus Titan?
I suppose this happens because it is a self-signed certificate. Some kind of message related to that has always been there, but so far, IIRC it told who the publisher is (there was my name) but can't verify "is it really that one". So, until now one could say "I trust it no matter what".
Yes, its still like that for me - see attached screenshot. (however, that is openjdk 1.7.0...)
If they remove the possibility to trust the application (e.g. "because I know from where I downloaded it") that would be pretty extreme.
It might be that I did something wrong when creating the self-signed certificate.
That "a future version might ..." would mean probably Java 8 and there's some moments left before 1.7 becomes obsolete :)
I will further investigate that in near future but certainly not during this week.
Attached a screenshot of the warning with publisher shown (how it has always been).
Hi.
I used to be able to do that too, and it seems perfectly reasonable to me to be able to whitelist an unknown publisher. The problem is that since I recently "upgraded" Java that functionality has apparently gone backwards, and I now have to explicitly "trust" CT every time I try to run it.
Maybe something is not 100% with the last Java upgrade I installed.
Richard,
could you contact me by email? For example mail to "admin and then as at part the play-..... .net server"? Since I can't reproduce the problem, I might need to ask you at some point to retry it with a different jnlp file or new signed jar file, and that then posting here and waiting whether or when you notice it is ... not a thrilling perspective.
Thx,Clemens
I compared the cert info inside the META-INFO folder (inside the jar) from 0.13.2 and newest. Old one uses version 1 and new one version 3. Some googled page mentions, that v1 is widely used, v2 and v3 even less.
I suspect "your computer" (web start? installed cert software? whatever?) simply does not understand X.509 V3.
In Oracle/Sun keytool doc is written that it creates always v3 certs. (It can import and export v2 and v3 but how to use that?)
Perhaps I will need to create the cert with some other tool (openssl?) or need to find somewhere a ancient java installation with an ancient keytool :)
Hi, thanks for responding.
Re: "If they remove the possibility to trust the application (e.g. "because
I know from where I downloaded it") that would be pretty extreme."
possibly. Previously I could whitelist the certificate source, but not any
more. Sorry, I should have mentioned, I recently upgraded the version of
Java after being prompted to do so, and this change happened immediately
after that upgrade, so apparently there has been a change in the latest
version of Java - but maybe only in how it reacts to certificates that fail
validation, and not to how certificates are validated. On reflection I guess
certificate validation should be independent of Java. Presumably it just
happens that CT is the only thing I run that triggers and fails certificate
checks.
Re: "I suspect "your computer" (web start? installed cert software?
whatever?) simply does not understand X.509 V3"
could be, I don't know. Assuming the certificate is ok, how does one work
out if the certificate validation thing is broken, and how does one fix it?
I had a bit of a look around on my PC and on the net but I diddn't find
anything helpful. Might it be worth uninstalling and reinstalling CT, or
will that not affect the certificate?
I'm perfectly happy to email you directly, I actually prefer email, I only
raised a ticket 'cause it said to do so in preference to email :-)...
Re: 'mail to "admin and then as at part the play-..... .net server"'?
sorry if I'm being dim, but what do you mean? As subject or as email
address, or something else? I cannot compute.
Cheerio, and regards,
Richard Neville.
PS. I should have said previously: many thanks for building CT, it's pretty
good. Yes, the AI has some weaknesses, but I'm surprised it can even play a
half way decent game, and with six opponents, and the ever present
possibility of "Bad Die Rolls!" it still presents something of a challenge.
Before seeing it I would have expected that there were too many subtleties
and uncertainties to the game to be feasible to build some AI.
----- Original Message -----
From: Clemens Katzer
To: [colossus:bugs]
Sent: Wednesday, September 25, 2013 3:42 AM
Subject: [colossus:bugs] #901 No publisher?
Richard,
could you contact me by email? For example mail to "admin and then as at
part the play-..... .net server"? Since I can't reproduce the problem, I
might need to ask you at some point to retry it with a different jnlp file
or new signed jar file, and that then posting here and waiting whether or
when you notice it is ... not a thrilling perspective.
Thx,Clemens
[bugs:#901] No publisher?
Status: open
Labels: No publisher?
Created: Tue Sep 24, 2013 12:41 AM UTC by Richard
Last Updated: Tue Sep 24, 2013 04:48 PM UTC
Owner: nobody
Windows XP
Colossus 0.14.0
Java 1.7.0_40
Problem: Publisher UNKNOWN...
...and this version of Java asserts that a future version will block apps by
UNKNOWN publishers. See attached sceen capture. Please fix this before we're
stopped from playing Colossus Titan?
Sent from sourceforge.net because you indicated interest in
https://sourceforge.net/p/colossus/bugs/901/
To unsubscribe from further messages, please visit
https://sourceforge.net/auth/subscriptions/
Related
Bugs: #901
I replied to the mail that SF sent me about this ticket, but richard-x@users.sfsfsf.net (obfuscated) does not work. I suppose you haven't associated a real email with your sf account. Please send me a mail to nimda@plai-colussus.net (username backward and the typo plai vs. play fixed.)
So that I can send you the long mail I typed :)
Hi again.
I tried replying to the email address reconstructed as per the instructions in your last post, but the address was rejected. I also tried sending an email to that address but with what looked like another accidental typo [ie. "colussus" corrected to "colossus"], but that failed too.
I have so far received all five emails from you as emails, the same as the ones you posted here, obviously forwarded by sf, so I'm quite sure that I linked my correct email address to my account.
Thanks,
Richard Neville.
FWIW, it still works the nice way (ask for the publisher the first time, with a checkbox to trust that publisher in the future) on Linux Java 1.7.0_25. So it changed between 1.7.0_25 and 1.7.0_40.
Worst case, we need to get a free SSL certificate to make Java Web Start happy. Back when I originally made Colossus work with Java Web Start, there were no free SSL certificates, and I wasn't willing to pay hundreds of dollars for one, so I used a self-signed certificate and made users click through the warning. But now that several vendors offer free SSL certificates, and the warning message is more dire, it might be worth revisiting that decision.