Univention Bugzilla – Bug 37542
Optional workaround for java applets
Last modified: 2015-05-11 19:24:50 CEST
The java applets seem to be unable to use the UCS@school proxy. So an exception for squid has been suggested by a customer. The following ACL allows access for clients with a specific browser string: acl javauseragent browser -i Java/1\.[56789]\.[0-9]_[0-9][0-9] http_access allow javauseragent # Java Applets need to do SSL Cert verifications... acl always_allow_dst_domains dstdomain ocsp.verisign.com If UCS@school comes with a predefined ACL, this should be disabled by default but be easily activateable via e.g. UCR variables. The suggestion has to be checked for possible sideeffects.
The implementation/code change should be done via Bug 37543. The configuration (setting UCR variables) should be done in this bug.
ucs-school-webproxy (11.0.3-1) unstable; urgency=medium * Add script to enable Java Applet exception ACLs (Bug #37542)
Changelog r60005
The files are in a subdirectory 'share'. Please move them /usr/share/ucs-school-webproxy/share/ → /usr/share/ucs-school-webproxy/. Either restart squid after the UCR variables are set or print something like: """In order to active the changes please restart the squid daemon using the system service UMC module or the command "invoke-rc.d squid restart"."""
(In reply to Sönke Schwardt-Krummrich from comment #0) > # Java Applets need to do SSL Cert verifications... > acl always_allow_dst_domains dstdomain ocsp.verisign.com What about this?
(In reply to Florian Best from comment #4) > Either restart squid after the UCR variables are set or print something like: > """In order to active the changes please restart the squid daemon using the > system service UMC module or the command "invoke-rc.d squid restart".""" Please print a message, that a restart is required after activation.
(In reply to Florian Best from comment #5) > (In reply to Sönke Schwardt-Krummrich from comment #0) > > # Java Applets need to do SSL Cert verifications... > > acl always_allow_dst_domains dstdomain ocsp.verisign.com > What about this? Covered by user agent rules. Maintaining a whitelist of all OCSP servers seems inefficient.
ucs-school-webproxy (11.0.4-1) unstable; urgency=medium * Fix Windows Updater exception ACL (Bug #37541) * Fix script to enable Java Updater exception ACLs (Bug #37541) * Fix script to enable Java Applet exception ACLs (Bug #37542)
OK I readded the changelog entry (svn r60293) as Philipp removed it in svn r60119.
UCS@school 4.0 R2 v1 has been released: http://docs.univention.de/release-notes-ucsschool-4.0R2v1-de.html If this error occurs again, please use "Clone This Bug".