[evolution] Bug #699797 - Verify SSL trust after redirection



commit 192a2f785e70c7e5c2a3a7d311098a35ad93a63a
Author: Matt McCutchen <matt mattmccutchen net>
Date:   Fri Apr 18 17:49:03 2014 +0200

    Bug #699797 - Verify SSL trust after redirection

 modules/cal-config-caldav/e-caldav-chooser.c |   97 ++++----------------------
 1 files changed, 13 insertions(+), 84 deletions(-)
---
diff --git a/modules/cal-config-caldav/e-caldav-chooser.c b/modules/cal-config-caldav/e-caldav-chooser.c
index c0a96ec..77035c1 100644
--- a/modules/cal-config-caldav/e-caldav-chooser.c
+++ b/modules/cal-config-caldav/e-caldav-chooser.c
@@ -100,7 +100,8 @@ static void caldav_chooser_get_collection_details
                                (SoupSession *session,
                                 SoupMessage *message,
                                 const gchar *path_or_uri,
-                                GSimpleAsyncResult *simple);
+                                GSimpleAsyncResult *simple,
+                                Context *context);
 
 G_DEFINE_DYNAMIC_TYPE_EXTENDED (
        ECaldavChooser,
@@ -179,35 +180,6 @@ context_free (Context *context)
        g_slice_free (Context, context);
 }
 
-static ETrustPromptResponse
-trust_prompt_sync (const ENamedParameters *parameters,
-                   GCancellable *cancellable,
-                   GError **error)
-{
-       EUserPrompter *prompter;
-       gint response;
-
-       g_return_val_if_fail (parameters != NULL, E_TRUST_PROMPT_RESPONSE_UNKNOWN);
-
-       prompter = e_user_prompter_new ();
-       g_return_val_if_fail (prompter != NULL, E_TRUST_PROMPT_RESPONSE_UNKNOWN);
-
-       response = e_user_prompter_extension_prompt_sync (prompter, "ETrustPrompt::trust-prompt", parameters, 
NULL, cancellable, error);
-
-       g_object_unref (prompter);
-
-       if (response == 0)
-               return E_TRUST_PROMPT_RESPONSE_REJECT;
-       if (response == 1)
-               return E_TRUST_PROMPT_RESPONSE_ACCEPT;
-       if (response == 2)
-               return E_TRUST_PROMPT_RESPONSE_ACCEPT_TEMPORARILY;
-       if (response == -1)
-               return E_TRUST_PROMPT_RESPONSE_REJECT_TEMPORARILY;
-
-       return E_TRUST_PROMPT_RESPONSE_UNKNOWN;
-}
-
 static void
 caldav_chooser_redirect (SoupMessage *message,
                          SoupSession *session)
@@ -907,7 +879,8 @@ static void
 caldav_chooser_get_collection_details (SoupSession *session,
                                        SoupMessage *message,
                                        const gchar *path_or_uri,
-                                       GSimpleAsyncResult *simple)
+                                       GSimpleAsyncResult *simple,
+                                       Context *context)
 {
        SoupURI *soup_uri;
 
@@ -937,6 +910,8 @@ caldav_chooser_get_collection_details (SoupSession *session,
                NS_ICAL,   XC ("calendar-color"),
                NULL);
 
+       e_soup_ssl_trust_connect (message, context->source, context->registry, context->cancellable);
+
        /* This takes ownership of the message. */
        soup_session_queue_message (
                session, message, (SoupSessionCallback)
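Review bot: The added `e_soup_ssl_trust_connect` call before `soup_session_queue_message` carries no comment saying why it has to be attached to every message, and the same bare call is repeated in the `retry_propfind` hunk and in `e_caldav_chooser_populate`. Trust now appears to be decided per message rather than through the session's strict flag, so a request path that omits the call would presumably get no stored-trust handling, which is easy to miss when a new request is added. I would put a comment above each call, for example `/* Attach certificate trust checking to this message before it is queued, so redirected requests are verified too. */`, or fold the connect-and-queue pair into one static helper. `context` is dereferenced here without a guard, so the new parameter should be documented as non-NULL; the function body starts and ends outside this hunk.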
@@ -960,34 +935,6 @@ caldav_chooser_calendar_home_set_cb (SoupSession *session,
 
        context = g_simple_async_result_get_op_res_gpointer (simple);
 
-       if (message->status_code == SOUP_STATUS_SSL_FAILED) {
-               ETrustPromptResponse response;
-               ENamedParameters *parameters;
-               ESourceWebdav *extension;
-
-               extension = e_source_get_extension (context->source, E_SOURCE_EXTENSION_WEBDAV_BACKEND);
-               parameters = e_named_parameters_new ();
-
-               response = e_source_webdav_prepare_ssl_trust_prompt (extension, message, context->registry, 
parameters);
-               if (response == E_TRUST_PROMPT_RESPONSE_UNKNOWN) {
-                       response = trust_prompt_sync (parameters, context->cancellable, NULL);
-                       if (response != E_TRUST_PROMPT_RESPONSE_UNKNOWN)
-                               e_source_webdav_store_ssl_trust_prompt (extension, message, response);
-               }
-
-               e_named_parameters_free (parameters);
-
-               if (response == E_TRUST_PROMPT_RESPONSE_ACCEPT ||
-                   response == E_TRUST_PROMPT_RESPONSE_ACCEPT_TEMPORARILY) {
-                       g_object_set (context->session, SOUP_SESSION_SSL_STRICT, FALSE, NULL);
-
-                       soup_session_queue_message (
-                               context->session, g_object_ref (message), (SoupSessionCallback)
-                               caldav_chooser_calendar_home_set_cb, simple);
-                       return;
-               }
-       }
-
        doc = caldav_chooser_parse_xml (message, "multistatus", &error);
 
        /* If we were cancelled then we're in a GCancellable::cancelled
@@ -1127,7 +1074,7 @@ get_collection_details:
        xmlFreeDoc (doc);
 
        caldav_chooser_get_collection_details (
-               session, message, calendar_home_set, simple);
+               session, message, calendar_home_set, simple, context);
 
        g_free (calendar_home_set);
 
@@ -1149,6 +1096,8 @@ retry_propfind:
                NS_CALDAV, XC ("calendar-user-address-set"),
                NULL);
 
+       e_soup_ssl_trust_connect (message, context->source, context->registry, context->cancellable);
+
        /* This takes ownership of the message. */
        soup_session_queue_message (
                session, message, (SoupSessionCallback)
@@ -1408,31 +1357,9 @@ caldav_chooser_try_password_sync (ESourceAuthenticator *auth,
                        g_object_ref (session),
                        (GDestroyNotify) g_object_unref);
 
-       g_object_set (session, SOUP_SESSION_SSL_STRICT, TRUE, NULL);
-       g_object_set (chooser->priv->session, SOUP_SESSION_SSL_STRICT, TRUE, NULL);
-
-       if (soup_session_send_message (session, message) == SOUP_STATUS_SSL_FAILED) {
-               ETrustPromptResponse response;
-               ENamedParameters *parameters;
+       e_soup_ssl_trust_connect (message, source, chooser->priv->registry, cancellable);
 
-               parameters = e_named_parameters_new ();
-
-               response = e_source_webdav_prepare_ssl_trust_prompt (extension, message, 
chooser->priv->registry, parameters);
-               if (response == E_TRUST_PROMPT_RESPONSE_UNKNOWN) {
-                       response = trust_prompt_sync (parameters, cancellable, NULL);
-                       if (response != E_TRUST_PROMPT_RESPONSE_UNKNOWN)
-                               e_source_webdav_store_ssl_trust_prompt (extension, message, response);
-               }
-
-               e_named_parameters_free (parameters);
-
-               if (response == E_TRUST_PROMPT_RESPONSE_ACCEPT ||
-                   response == E_TRUST_PROMPT_RESPONSE_ACCEPT_TEMPORARILY) {
-                       g_object_set (session, SOUP_SESSION_SSL_STRICT, FALSE, NULL);
-                       g_object_set (chooser->priv->session, SOUP_SESSION_SSL_STRICT, FALSE, NULL);
-                       soup_session_send_message (session, message);
-               }
-       }
+       soup_session_send_message (session, message);
 
        if (cancel_id > 0)
                g_cancellable_disconnect (cancellable, cancel_id);
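Review bot: With the `SOUP_STATUS_SSL_FAILED` branch removed from `caldav_chooser_try_password_sync`, nothing visible in this hunk asks the user about a certificate that has no stored trust response, so a first connection to such a server would apparently just fail; please confirm that `e_soup_ssl_trust_connect` or the caller covers that case. The hunk also drops both `g_object_set (..., SOUP_SESSION_SSL_STRICT, TRUE, NULL)` calls, so strict checking now depends on how the two sessions are constructed, which is not shown here. A short comment stating that the sessions stay strict and that trust is decided per message would make that explicit. If `extension` was only used by the removed block, it is now an unused local. The function starts and ends outside the hunk.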
@@ -1618,6 +1545,8 @@ e_caldav_chooser_populate (ECaldavChooser *chooser,
                NS_WEBDAV, XC ("principal-URL"),
                NULL);
 
+       e_soup_ssl_trust_connect (message, source, context->registry, context->cancellable);
+
        /* This takes ownership of the message. */
        soup_session_queue_message (
                context->session, message, (SoupSessionCallback)
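Review bot: This call passes the local `source` while the other call sites added by the commit pass `context->source`, so a reader has to check that both name the same object. If `context->source` is already populated at this point in `e_caldav_chooser_populate` (the assignment is outside the hunk), I would write `e_soup_ssl_trust_connect (message, context->source, context->registry, context->cancellable);` to match the other calls. Otherwise a one-line comment saying why the local is used here would do.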

