[libgdata/libgdata-0-10] core: Validate SSL certificates for all connections
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgdata/libgdata-0-10] core: Validate SSL certificates for all connections
- Date: Mon, 12 Mar 2012 09:28:51 +0000 (UTC)
commit 8eff8fa9138859e03e58c2aa76600ab63eb5c29c
Author: Philip Withnall <philip tecnocode co uk>
Date: Thu Mar 8 00:09:08 2012 +0000
core: Validate SSL certificates for all connections
This prevents MitM attacks which use spoofed SSL certificates.
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
configure.ac | 7 +++++++
gdata/gdata-service.c | 2 +-
2 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 5c8d9ce..c8840b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -97,6 +97,13 @@ AC_CHECK_FUNCS([strtol])
AC_CHECK_FUNCS([strtoul])
AC_CHECK_HEADERS([sys/time.h])
+# System SSL CA certificates
+AC_ARG_WITH(ca-certs,
+ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
+ ca_certs="$withval",
+ ca_certs="/etc/ssl/certs/ca-certificates.crt")
+AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
+
# Internationalisation support
GETTEXT_PACKAGE=gdata
AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
index c9dce29..f2fed32 100644
--- a/gdata/gdata-service.c
+++ b/gdata/gdata-service.c
@@ -2042,7 +2042,7 @@ _gdata_service_get_log_level (void)
SoupSession *
_gdata_service_build_session (void)
{
- SoupSession *session = soup_session_sync_new ();
+ SoupSession *session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
#ifdef HAVE_GNOME
soup_session_add_feature_by_type (session, SOUP_TYPE_GNOME_FEATURES_2_26);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
