[epiphany/tls-errors: 1/2] Do not ignore TLS errors

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/tls-errors: 1/2] Do not ignore TLS errors
Date: Mon, 7 Jul 2014 19:33:51 +0000 (UTC)

commit e306df7f8d22476248cc79ac894647eeaaa2d5d1
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Mon Jul 7 14:24:34 2014 -0500

    Do not ignore TLS errors
    
    Currently, Epiphany loads web pages even though it realizes the
    connection may be insecure, displaying a broken lock in the address bar.
    By this point, it's too late: the attacker already has your session
    cookies. Display an error page instead. Based on groundwork by Brian
    Holt.
    
    This is the minimal reasonable implementation. We might also want:
    
    * A user-friendly description
    * A button to open the certificate viewer
    * A mechanism by which to add the certificate to the trust database

 src/ephy-shell.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/src/ephy-shell.c b/src/ephy-shell.c
index 00f1998..b16acdb 100644
--- a/src/ephy-shell.c
+++ b/src/ephy-shell.c
@@ -583,6 +583,9 @@ ephy_shell_init (EphyShell *shell)
                     G_CALLBACK (download_started_cb),
                     shell);
 
+  /* Do not ignore TLS errors. */
+  webkit_web_context_set_tls_errors_policy (web_context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
   /* Initialize the favicon cache as early as possible, or further
      calls to webkit_web_context_get_favicon_database will fail. */
   mode = ephy_embed_shell_get_mode (ephy_embed_shell_get_default ());

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]