32 coaches online • Server time: 03:36
* * * Did you know? The most valuable player is Thursdaynight Guitarclub with 96 MVPs.
Log in
Recent Forum Topics goto Post [L] OBBA Smack Talk ...goto Post Cindy fumbling after...goto Post FUMBBL HAIKU'S
Java certificate update
Posted by: Christer on Dec20161212pm16, MonEurope/Stockholm2016-12-12T16:18:51+01:00Europe/Stockholm12bEurope/StockholmMon, 12 Dec 2016 16:18:51 +0100 %12, %2016 - %16:%Dec
With the new rules update that was recently released, work has slowly begun to implement some of the changes into the FFB client.

While we're not giving any promises for when this update will be released, there is a technical hoop for me to jump through. All java code that is runnable from a web context (ie, a browser) must be signed. To do this, a code signing certificate is used. These work more or less like an SSL certificate, except they are more expensive.

I have already sorted out the certificate on my end, but there is a slight issue with modern certificates. Over the last couple of years, the Internet (and world in general) has switched to a more secure underlying method for these certificates (specifically, the hash algorithm used has gone from SHA1 to SHA2). This in itself is a good thing(tm). As part of this process, what's called the "Root CA certificate" from the provider I use for code signing certificates has been switched to a new one (also signed with SHA2). This is also a good thing.

So you're asking yourself "Ok, so what's the problem?". FUMBBL has a relatively large number of users. Some of you have computers that are getting a bit old. And even more specifically, some of you have machines that can not run Java versions newer than Java 6 (Old mac computers, running MacOS older than Lion). From my quick look at the analytics, this is roughly 0.5% of you.

Now, with Java 6 being quite old, it's no longer being updated. No updates means that the built-in store of Root CA certificates isn't being updated. And that's the problem. Those of you who are running old versions of Java don't have the new Root CA certificate installed, which will cause some problems.

In theory, it would be possible to install this specific root CA into an old version of Java, but I have no reasonable way to verify if this would actually work.

If you have an old machine (in particular a mac running snow leopard or earlier with the last Apple-distributed Java), and a relatively technical mind, it would be great if you could get in touch with me. I have a very simple test application (which effectively does nothing) that I would like to see tested in an environment like that. Initially, it will probably fail, but I am hoping to be able to get it to a functional state by installing the correct root CA. If that doesn't work, things will get complicated..

For most of you, this doesn't really change much. You're already running a recent version of Java (Java 8 update 111 as I write this), which is what I always recommend. If so, consider this more of a public announcement that the certificate will be changing with the next FFB client update and you may get a warning that asks you if you trust me.