[epiphany] Use SoupSession:ssl-use-system-ca-file property
- From: Dan Winship <danw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany] Use SoupSession:ssl-use-system-ca-file property
- Date: Wed, 30 Nov 2011 11:36:13 +0000 (UTC)
commit 1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6
Author: Dan Winship <danw gnome org>
Date: Wed Nov 30 10:20:40 2011 +0100
Use SoupSession:ssl-use-system-ca-file property
Rather than copying glib-networking's logic for finding the system
trusted CA file and then telling libsoup to use it, just use the new
ssl-use-system-ca-file property.
https://bugzilla.gnome.org/show_bug.cgi?id=633109
configure.ac | 35 +----------------------------------
embed/ephy-embed-single.c | 16 ++++------------
embed/ephy-web-view.c | 4 ----
3 files changed, 5 insertions(+), 50 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index e0f80ea..5895a07 100644
--- a/configure.ac
+++ b/configure.ac
@@ -88,7 +88,7 @@ GTK_REQUIRED=3.0.2
LIBXML_REQUIRED=2.6.12
LIBXSLT_REQUIRED=1.1.7
WEBKIT_GTK_REQUIRED=1.6.1
-LIBSOUP_GNOME_REQUIRED=2.33.1
+LIBSOUP_GNOME_REQUIRED=2.37.1
GNOME_KEYRING_REQUIRED=2.26.0
GSETTINGS_DESKTOP_SCHEMAS_REQUIRED=0.0.1
LIBNOTIFY_REQUIRED=0.5.1
@@ -203,39 +203,6 @@ fi
AM_CONDITIONAL([ENABLE_SEED],[test "$enable_seed" = "yes"])
-# *********************
-# CA Certificate file
-# Stolen from GIO's TLS
-# *********************
-
-AC_MSG_CHECKING([location of system Certificate Authority list])
-AC_ARG_WITH(ca-file,
- [AC_HELP_STRING([--with-ca-file=@<:@path@:>@],
- [path to system Certificate Authority list])])
-if test "$with_ca_file" = "no"; then
- AC_MSG_RESULT([disabled])
-else
- if test -z "$with_ca_file"; then
- for f in /etc/pki/tls/certs/ca-bundle.crt \
- /etc/ssl/certs/ca-certificates.crt; do
- if test -f "$f"; then
- with_ca_file="$f"
- fi
- done
- if test -z "$with_ca_file"; then
- AC_MSG_ERROR([could not find. Use --with-ca-file=path to set, or --without-ca-file to disable])
- fi
- fi
-
- AC_MSG_RESULT($with_ca_file)
- if ! test -f "$with_ca_file"; then
- AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable])
- fi
- GTLS_SYSTEM_CA_FILE="$with_ca_file"
-
- AC_DEFINE_UNQUOTED([GTLS_SYSTEM_CA_FILE], ["$GTLS_SYSTEM_CA_FILE"], [path to system Certificate Authority list])
-fi
-
# ***
# NSS
# ***
diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c
index 547f492..74359ec 100644
--- a/embed/ephy-embed-single.c
+++ b/embed/ephy-embed-single.c
@@ -473,19 +473,11 @@ ephy_embed_single_initialize (EphyEmbedSingle *single)
session = webkit_get_default_session ();
-#ifdef GTLS_SYSTEM_CA_FILE
/* Check SSL certificates */
-
- if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) {
- g_object_set (session,
- SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE,
- SOUP_SESSION_SSL_STRICT, FALSE,
- NULL);
- } else {
- g_warning (_("CA Certificates file we should use was not found, "\
- "all SSL sites will be considered to have a broken certificate."));
- }
-#endif
+ g_object_set (session,
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+ SOUP_SESSION_SSL_STRICT, FALSE,
+ NULL);
/* Store cookies in moz-compatible SQLite format */
filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL);
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index cc5e61e..e55dfdc 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -1861,7 +1861,6 @@ load_status_cb (WebKitWebView *web_view,
ephy_web_view_set_title (view, NULL);
-#ifdef GTLS_SYSTEM_CA_FILE
if (uri && g_str_has_prefix (uri, "https")) {
WebKitWebFrame *frame;
WebKitWebDataSource *source;
@@ -1880,9 +1879,6 @@ load_status_cb (WebKitWebView *web_view,
security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN;
} else
security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
-#else
- security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
-#endif
ephy_web_view_set_security_level (EPHY_WEB_VIEW (web_view), security_level);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
