[epiphany/tls-errors: 1/2] Do not ignore TLS errors
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/tls-errors: 1/2] Do not ignore TLS errors
- Date: Mon, 7 Jul 2014 19:33:51 +0000 (UTC)
commit e306df7f8d22476248cc79ac894647eeaaa2d5d1
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Mon Jul 7 14:24:34 2014 -0500
Do not ignore TLS errors
Currently, Epiphany loads web pages even though it realizes the
connection may be insecure, displaying a broken lock in the address bar.
By this point, it's too late: the attacker already has your session
cookies. Display an error page instead. Based on groundwork by Brian
Holt.
This is the minimal reasonable implementation. We might also want:
* A user-friendly description
* A button to open the certificate viewer
* A mechanism by which to add the certificate to the trust database
src/ephy-shell.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/src/ephy-shell.c b/src/ephy-shell.c
index 00f1998..b16acdb 100644
--- a/src/ephy-shell.c
+++ b/src/ephy-shell.c
@@ -583,6 +583,9 @@ ephy_shell_init (EphyShell *shell)
G_CALLBACK (download_started_cb),
shell);
+ /* Do not ignore TLS errors. */
+ webkit_web_context_set_tls_errors_policy (web_context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
/* Initialize the favicon cache as early as possible, or further
calls to webkit_web_context_get_favicon_database will fail. */
mode = ephy_embed_shell_get_mode (ephy_embed_shell_get_default ());
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]