[grilo/wip/hadess/tls-verification: 2/2] net: Fix TLS cert validation not being done for any network call

From: Bastien Nocera <hadess src gnome org>
To: commits-list gnome org
Cc:
Subject: [grilo/wip/hadess/tls-verification: 2/2] net: Fix TLS cert validation not being done for any network call
Date: Tue, 22 Jun 2021 12:15:24 +0000 (UTC)


commit cd2472e506dafb1bb8ae510e34ad4797f63e263e
Author: Bastien Nocera <hadess hadess net>
Date:   Mon Jun 21 15:00:14 2021 +0200

    net: Fix TLS cert validation not being done for any network call
    
    The default SoupSessionAsync behaviour does not perform any TLS certificate
    validation, unless the ssl-use-system-ca-file property is set to true.
    
    See 
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
    
    This mitigates CVE-2016-20011.
    
    Closes: #146

 libs/net/grl-net-wc.c | 1 +
 1 file changed, 1 insertion(+)
---
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
index 5a8e89f5..5ff1d177 100644
--- a/libs/net/grl-net-wc.c
+++ b/libs/net/grl-net-wc.c
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
   wc->priv = grl_net_wc_get_instance_private (wc);
 
   wc->priv->session = soup_session_async_new ();
+  g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
   wc->priv->pending = g_queue_new ();
 
   set_thread_context (wc);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]