[librest] proxy: Force all SSL certificates to be trusted

From: Rob Bradford <rbradford src gnome org>
To: commits-list gnome org
Cc:
Subject: [librest] proxy: Force all SSL certificates to be trusted
Date: Thu, 10 Nov 2011 16:36:55 +0000 (UTC)

commit e01f2be50938a629cec7adaace3d7635282369d2
Author: Rob Bradford <rob linux intel com>
Date:   Thu Nov 10 16:26:07 2011 +0000

    proxy: Force all SSL certificates to be trusted
    
    By setting the CA file we make it a certificate error if the certificate
    is self-signed.
    
    Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=663783

 rest/rest-proxy.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/rest/rest-proxy.c b/rest/rest-proxy.c
index 69bd90f..088fd0a 100644
--- a/rest/rest-proxy.c
+++ b/rest/rest-proxy.c
@@ -247,6 +247,16 @@ rest_proxy_init (RestProxy *self)
 
   priv->session = soup_session_async_new ();
   priv->session_sync = soup_session_sync_new ();
+
+  /* with ssl-strict (defaults TRUE) setting ssl-ca-file forces all
+   * certificates to be trusted */
+  g_object_set (priv->session,
+                "ssl-ca-file", REST_SYSTEM_CA_FILE,
+                NULL);
+  g_object_set (priv->session_sync,
+                "ssl-ca-file", REST_SYSTEM_CA_FILE,
+                NULL);
+
 #if WITH_GNOME
   soup_session_add_feature_by_type (priv->session,
                                     SOUP_TYPE_PROXY_RESOLVER_GNOME);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]