[libsoup/carlosgc/system-ca-file: 2/2] session: Remove ssl-use-system-ca-file property
- From: Carlos Garcia Campos <carlosgc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup/carlosgc/system-ca-file: 2/2] session: Remove ssl-use-system-ca-file property
- Date: Fri, 19 Feb 2021 09:05:29 +0000 (UTC)
commit f813d3d82ec4366b5349fc42eca4e1fbb2a332c5
Author: Carlos Garcia Campos <cgarcia igalia com>
Date: Thu Feb 18 15:21:04 2021 +0100
session: Remove ssl-use-system-ca-file property
SoupSession:tls-database is enough. When not set the default will be
used. Also ensure that we don't get the default tls database and proxy
resolver unless the property getters are called.
libsoup/soup-connection.c | 16 +++--
libsoup/soup-session.c | 151 +++++++++++----------------------------
libsoup/soup-socket-properties.c | 37 ++++++++--
libsoup/soup-socket-properties.h | 21 +++---
tests/session-test.c | 14 ----
tests/ssl-test.c | 6 +-
6 files changed, 99 insertions(+), 146 deletions(-)
---
diff --git a/libsoup/soup-connection.c b/libsoup/soup-connection.c
index c47e962e..ecbd8693 100644
--- a/libsoup/soup-connection.c
+++ b/libsoup/soup-connection.c
@@ -399,11 +399,13 @@ new_socket_client (SoupConnection *conn)
G_CALLBACK (re_emit_socket_event),
conn, 0);
- if (props->proxy_resolver) {
- g_socket_client_set_proxy_resolver (client, props->proxy_resolver);
- g_socket_client_add_application_proxy (client, "http");
- } else
- g_socket_client_set_enable_proxy (client, FALSE);
+ if (!props->proxy_use_default) {
+ if (props->proxy_resolver) {
+ g_socket_client_set_proxy_resolver (client, props->proxy_resolver);
+ g_socket_client_add_application_proxy (client, "http");
+ } else
+ g_socket_client_set_enable_proxy (client, FALSE);
+ }
if (props->io_timeout)
g_socket_client_set_timeout (client, props->io_timeout);
if (props->local_addr)
@@ -442,13 +444,15 @@ new_tls_connection (SoupConnection *conn,
priv->cancellable, error,
"base-io-stream", connection,
"server-identity", priv->remote_connectable,
- "database", priv->socket_props->tlsdb,
"require-close-notify", FALSE,
"interaction", priv->socket_props->tls_interaction,
NULL);
if (!tls_connection)
return NULL;
+ if (!priv->socket_props->tlsdb_use_default)
+ g_tls_connection_set_database (G_TLS_CONNECTION (tls_connection), priv->socket_props->tlsdb);
+
g_signal_connect_object (tls_connection, "accept-certificate",
G_CALLBACK (tls_connection_accept_certificate),
conn, G_CONNECT_SWAPPED);
diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
index 37db0cdc..d4fb5988 100644
--- a/libsoup/soup-session.c
+++ b/libsoup/soup-session.c
@@ -102,7 +102,6 @@ typedef struct {
GProxyResolver *proxy_resolver;
gboolean proxy_use_default;
- GUri *proxy_uri;
SoupSocketProperties *socket_props;
@@ -176,7 +175,6 @@ enum {
PROP_PROXY_RESOLVER,
PROP_MAX_CONNS,
PROP_MAX_CONNS_PER_HOST,
- PROP_SSL_USE_SYSTEM_CA_FILE,
PROP_TLS_DATABASE,
PROP_ASYNC_CONTEXT,
PROP_TIMEOUT,
@@ -303,7 +301,6 @@ soup_session_finalize (GObject *object)
g_hash_table_destroy (priv->features_cache);
g_clear_object (&priv->proxy_resolver);
- g_clear_pointer (&priv->proxy_uri, g_uri_unref);
g_clear_pointer (&priv->socket_props, soup_socket_properties_unref);
@@ -319,89 +316,66 @@ ensure_socket_props (SoupSession *session)
if (priv->socket_props)
return;
- if (priv->proxy_use_default) {
- priv->proxy_resolver = g_object_ref (g_proxy_resolver_get_default ());
- priv->proxy_use_default = FALSE;
- }
- if (priv->tlsdb_use_default) {
- priv->tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- priv->tlsdb_use_default = FALSE;
- }
-
- priv->socket_props = soup_socket_properties_new (priv->proxy_resolver,
- priv->local_addr,
- priv->tlsdb,
+ priv->socket_props = soup_socket_properties_new (priv->local_addr,
priv->tls_interaction,
priv->io_timeout,
priv->idle_timeout);
+ if (!priv->proxy_use_default)
+ soup_socket_properties_set_proxy_resolver (priv->socket_props, priv->proxy_resolver);
+ if (!priv->tlsdb_use_default)
+ soup_socket_properties_set_tls_database (priv->socket_props, priv->tlsdb);
}
static void
-set_tlsdb (SoupSession *session, GTlsDatabase *tlsdb)
+set_tlsdb (SoupSession *session,
+ GTlsDatabase *tlsdb)
{
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- GTlsDatabase *system_default;
priv->tlsdb_use_default = FALSE;
if (tlsdb == priv->tlsdb)
return;
- g_object_freeze_notify (G_OBJECT (session));
-
- system_default = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- if (system_default) {
- if (priv->tlsdb == system_default || tlsdb == system_default) {
- g_object_notify (G_OBJECT (session), "ssl-use-system-ca-file");
- }
- g_object_unref (system_default);
- }
-
- if (priv->tlsdb)
- g_object_unref (priv->tlsdb);
- priv->tlsdb = tlsdb;
- if (priv->tlsdb)
- g_object_ref (priv->tlsdb);
-
+ g_clear_object (&priv->tlsdb);
+ priv->tlsdb = tlsdb ? g_object_ref (tlsdb) : NULL;
g_object_notify (G_OBJECT (session), "tls-database");
- g_object_thaw_notify (G_OBJECT (session));
}
-static void
-set_use_system_ca_file (SoupSession *session, gboolean use_system_ca_file)
+static GTlsDatabase *
+get_tlsdb (SoupSession *session)
{
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- GTlsDatabase *system_default;
- priv->tlsdb_use_default = FALSE;
-
- system_default = g_tls_backend_get_default_database (g_tls_backend_get_default ());
-
- if (use_system_ca_file)
- set_tlsdb (session, system_default);
- else if (priv->tlsdb == system_default)
- set_tlsdb (session, NULL);
+ if (priv->tlsdb_use_default && !priv->tlsdb)
+ priv->tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- g_clear_object (&system_default);
+ return priv->tlsdb;
}
static void
-set_proxy_resolver (SoupSession *session, GUri *uri,
+set_proxy_resolver (SoupSession *session,
GProxyResolver *g_resolver)
{
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- g_clear_object (&priv->proxy_resolver);
- g_clear_pointer (&priv->proxy_uri, g_uri_unref);
+
priv->proxy_use_default = FALSE;
+ if (priv->proxy_resolver == g_resolver)
+ return;
- if (uri) {
- char *uri_string;
+ g_clear_object (&priv->proxy_resolver);
+ priv->proxy_resolver = g_resolver ? g_object_ref (g_resolver) : NULL;
+ g_object_notify (G_OBJECT (session), "proxy-resolver");
+}
+
+static GProxyResolver *
+get_proxy_resolver (SoupSession *session)
+{
+ SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- priv->proxy_uri = soup_uri_copy_with_normalized_flags (uri);
- uri_string = g_uri_to_string (uri);
- priv->proxy_resolver = g_simple_proxy_resolver_new (uri_string, NULL);
- g_free (uri_string);
- } else if (g_resolver)
- priv->proxy_resolver = g_object_ref (g_resolver);
+ if (!priv->proxy_use_default)
+ return priv->proxy_resolver;
+
+ return g_proxy_resolver_get_default ();
}
static void
@@ -419,8 +393,7 @@ soup_session_set_property (GObject *object, guint prop_id,
socket_props_changed = TRUE;
break;
case PROP_PROXY_RESOLVER:
- set_proxy_resolver (session, NULL,
- g_value_get_object (value));
+ set_proxy_resolver (session, g_value_get_object (value));
socket_props_changed = TRUE;
break;
case PROP_MAX_CONNS:
@@ -429,10 +402,6 @@ soup_session_set_property (GObject *object, guint prop_id,
case PROP_MAX_CONNS_PER_HOST:
priv->max_conns_per_host = g_value_get_int (value);
break;
- case PROP_SSL_USE_SYSTEM_CA_FILE:
- set_use_system_ca_file (session, g_value_get_boolean (value));
- socket_props_changed = TRUE;
- break;
case PROP_TLS_DATABASE:
set_tlsdb (session, g_value_get_object (value));
socket_props_changed = TRUE;
@@ -501,17 +470,13 @@ soup_session_get_property (GObject *object, guint prop_id,
{
SoupSession *session = SOUP_SESSION (object);
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- GTlsDatabase *tlsdb;
switch (prop_id) {
case PROP_LOCAL_ADDRESS:
g_value_set_object (value, priv->local_addr);
break;
case PROP_PROXY_RESOLVER:
- g_mutex_lock (&priv->conn_lock);
- ensure_socket_props (session);
- g_mutex_unlock (&priv->conn_lock);
- g_value_set_object (value, priv->proxy_resolver);
+ g_value_set_object (value, get_proxy_resolver (session));
break;
case PROP_MAX_CONNS:
g_value_set_int (value, priv->max_conns);
@@ -519,19 +484,8 @@ soup_session_get_property (GObject *object, guint prop_id,
case PROP_MAX_CONNS_PER_HOST:
g_value_set_int (value, priv->max_conns_per_host);
break;
- case PROP_SSL_USE_SYSTEM_CA_FILE:
- tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- g_mutex_lock (&priv->conn_lock);
- ensure_socket_props (session);
- g_mutex_unlock (&priv->conn_lock);
- g_value_set_boolean (value, priv->tlsdb == tlsdb);
- g_clear_object (&tlsdb);
- break;
case PROP_TLS_DATABASE:
- g_mutex_lock (&priv->conn_lock);
- ensure_socket_props (session);
- g_mutex_unlock (&priv->conn_lock);
- g_value_set_object (value, priv->tlsdb);
+ g_value_set_object (value, get_tlsdb (session));
break;
case PROP_TLS_INTERACTION:
g_value_set_object (value, priv->tls_interaction);
@@ -2205,11 +2159,11 @@ soup_session_class_init (SoupSessionClass *session_class)
*
* A #GProxyResolver to use with this session.
*
- * By default, in a plain #SoupSession, this is set to the
- * default #GProxyResolver, but you can set it to %NULL if you
- * don't want to use proxies, or set it to your own
- * #GProxyResolver if you want to control what proxies get
- * used.
+ * If no proxy resolver is set, then the default proxy resolver
+ * will be used. See g_proxy_resolver_get_default().
+ * You can set it to %NULL if you don't want to use proxies, or
+ * set it to your own #GProxyResolver if you want to control
+ * what proxies get used.
*
*/
g_object_class_install_property (
@@ -2262,37 +2216,14 @@ soup_session_class_init (SoupSessionClass *session_class)
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
- /**
- * SoupSession:ssl-use-system-ca-file:
- *
- * Setting this to %TRUE is equivalent to setting
- * #SoupSession:tls-database to the default system CA database.
- * (and likewise, setting #SoupSession:tls-database to the
- * default database by hand will cause this property to
- * become %TRUE).
- *
- * Setting this to %FALSE (when it was previously %TRUE) will
- * clear the #SoupSession:tls-database field.
- *
- **/
- g_object_class_install_property (
- object_class, PROP_SSL_USE_SYSTEM_CA_FILE,
- g_param_spec_boolean ("ssl-use-system-ca-file",
- "Use system CA file",
- "Use the system certificate database",
- TRUE,
- G_PARAM_READWRITE |
- G_PARAM_STATIC_STRINGS));
/**
* SoupSession:tls-database:
*
* Sets the #GTlsDatabase to use for validating SSL/TLS
* certificates.
*
- * Note that setting the
- * #SoupSession:ssl-use-system-ca-file property will cause
- * this property to be set to a #GTlsDatabase corresponding to
- * the indicated file or system default.
+ * If no certificate database is set, then the default database will be
+ * used. See g_tls_backend_get_default_database().
*
**/
g_object_class_install_property (
diff --git a/libsoup/soup-socket-properties.c b/libsoup/soup-socket-properties.c
index 5ceecd76..c41948c9 100644
--- a/libsoup/soup-socket-properties.c
+++ b/libsoup/soup-socket-properties.c
@@ -11,23 +11,21 @@
#include "soup.h"
SoupSocketProperties *
-soup_socket_properties_new (GProxyResolver *proxy_resolver,
- GInetSocketAddress *local_addr,
- GTlsDatabase *tlsdb,
+soup_socket_properties_new (GInetSocketAddress *local_addr,
GTlsInteraction *tls_interaction,
guint io_timeout,
guint idle_timeout)
{
SoupSocketProperties *props;
- props = g_slice_new (SoupSocketProperties);
+ props = g_slice_new0 (SoupSocketProperties);
g_atomic_ref_count_init (&props->ref_count);
- props->proxy_resolver = proxy_resolver ? g_object_ref (proxy_resolver) : NULL;
- props->local_addr = local_addr ? g_object_ref (local_addr) : NULL;
+ props->proxy_use_default = TRUE;
+ props->tlsdb_use_default = TRUE;
- props->tlsdb = tlsdb ? g_object_ref (tlsdb) : NULL;
+ props->local_addr = local_addr ? g_object_ref (local_addr) : NULL;
props->tls_interaction = tls_interaction ? g_object_ref (tls_interaction) : NULL;
props->io_timeout = io_timeout;
@@ -57,5 +55,30 @@ soup_socket_properties_unref (SoupSocketProperties *props)
g_slice_free (SoupSocketProperties, props);
}
+void
+soup_socket_properties_set_proxy_resolver (SoupSocketProperties *props,
+ GProxyResolver *proxy_resolver)
+{
+ props->proxy_use_default = FALSE;
+
+ if (props->proxy_resolver == proxy_resolver)
+ return;
+
+ g_clear_object (&props->proxy_resolver);
+ props->proxy_resolver = proxy_resolver ? g_object_ref (proxy_resolver) : NULL;
+}
+
+void
+soup_socket_properties_set_tls_database (SoupSocketProperties *props,
+ GTlsDatabase *tlsdb)
+{
+ props->tlsdb_use_default = FALSE;
+
+ if (props->tlsdb == tlsdb)
+ return;
+
+ g_clear_object (&props->tlsdb);
+ props->tlsdb = tlsdb ? g_object_ref (tlsdb) : NULL;
+}
G_DEFINE_BOXED_TYPE (SoupSocketProperties, soup_socket_properties, soup_socket_properties_ref,
soup_socket_properties_unref)
diff --git a/libsoup/soup-socket-properties.h b/libsoup/soup-socket-properties.h
index 8f77a43d..c458efe9 100644
--- a/libsoup/soup-socket-properties.h
+++ b/libsoup/soup-socket-properties.h
@@ -10,9 +10,11 @@
typedef struct {
GProxyResolver *proxy_resolver;
+ gboolean proxy_use_default;
GInetSocketAddress *local_addr;
GTlsDatabase *tlsdb;
+ gboolean tlsdb_use_default;
GTlsInteraction *tls_interaction;
guint io_timeout;
@@ -25,14 +27,17 @@ typedef struct {
GType soup_socket_properties_get_type (void);
#define SOUP_TYPE_SOCKET_PROPERTIES (soup_socket_properties_get_type ())
-SoupSocketProperties *soup_socket_properties_new (GProxyResolver *proxy_resolver,
- GInetSocketAddress *local_addr,
- GTlsDatabase *tlsdb,
- GTlsInteraction *tls_interaction,
- guint io_timeout,
- guint idle_timeout);
+SoupSocketProperties *soup_socket_properties_new (GInetSocketAddress *local_addr,
+ GTlsInteraction *tls_interaction,
+ guint io_timeout,
+ guint idle_timeout);
-SoupSocketProperties *soup_socket_properties_ref (SoupSocketProperties *props);
-void soup_socket_properties_unref (SoupSocketProperties *props);
+SoupSocketProperties *soup_socket_properties_ref (SoupSocketProperties *props);
+void soup_socket_properties_unref (SoupSocketProperties *props);
+
+void soup_socket_properties_set_proxy_resolver (SoupSocketProperties *props,
+ GProxyResolver *proxy_resolver);
+void soup_socket_properties_set_tls_database (SoupSocketProperties *props,
+ GTlsDatabase *tlsdb);
#endif /* __SOUP_SOCKET_PROPERTIES_H__ */
diff --git a/tests/session-test.c b/tests/session-test.c
index 9053f37b..dc503e73 100644
--- a/tests/session-test.c
+++ b/tests/session-test.c
@@ -317,20 +317,6 @@ do_property_tests (void)
g_object_unref (tlsdb);
g_object_unref (session);
}
-
- session = g_object_new (SOUP_TYPE_SESSION,
- "ssl-use-system-ca-file", FALSE,
- NULL);
- test_session_properties ("Session with :ssl-use-system-ca-file FALSE", session,
- default_proxy_resolver, NULL);
- g_object_unref (session);
-
- session = g_object_new (SOUP_TYPE_SESSION,
- "ssl-use-system-ca-file", TRUE,
- NULL);
- test_session_properties ("Session with :ssl-use-system-ca-file TRUE", session,
- default_proxy_resolver, default_tlsdb);
- g_object_unref (session);
}
static gint
diff --git a/tests/ssl-test.c b/tests/ssl-test.c
index 2845494b..ecd173dd 100644
--- a/tests/ssl-test.c
+++ b/tests/ssl-test.c
@@ -44,9 +44,13 @@ do_strictness_test (gconstpointer data)
session = soup_test_session_new (NULL);
if (!test->with_ca_list) {
+ GTlsDatabase *tlsdb;
+
+ tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
g_object_set (G_OBJECT (session),
- "ssl-use-system-ca-file", TRUE,
+ "tls-database", tlsdb,
NULL);
+ g_object_unref (tlsdb);
}
msg = soup_message_new_from_uri ("GET", uri);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
