You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54 lines
1.9 KiB
54 lines
1.9 KiB
12 years ago
|
From 25a2824203ad199d69432940d2f1edda5b226e9e Mon Sep 17 00:00:00 2001
|
||
|
From: Philip Withnall <philip@tecnocode.co.uk>
|
||
|
Date: Thu, 8 Mar 2012 00:09:08 +0000
|
||
|
Subject: [PATCH] core: Validate SSL certificates for all connections
|
||
|
|
||
|
This prevents MitM attacks which use spoofed SSL certificates.
|
||
|
|
||
|
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
|
||
|
|
||
|
[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 0.8.1]
|
||
|
|
||
|
Conflicts:
|
||
|
|
||
|
gdata/gdata-service.c
|
||
|
---
|
||
|
configure.ac | 7 +++++++
|
||
|
gdata/gdata-service.c | 2 +-
|
||
|
2 files changed, 8 insertions(+), 1 deletions(-)
|
||
|
|
||
|
diff --git a/configure.ac b/configure.ac
|
||
|
index 449383d..ad23761 100644
|
||
|
--- a/configure.ac
|
||
|
+++ b/configure.ac
|
||
|
@@ -92,6 +92,13 @@ AC_CHECK_FUNCS([strtol])
|
||
|
AC_CHECK_FUNCS([strtoul])
|
||
|
AC_CHECK_HEADERS([sys/time.h])
|
||
|
|
||
|
+# System SSL CA certificates
|
||
|
+AC_ARG_WITH(ca-certs,
|
||
|
+ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
|
||
|
+ ca_certs="$withval",
|
||
|
+ ca_certs="/etc/ssl/certs/ca-certificates.crt")
|
||
|
+AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
|
||
|
+
|
||
|
# Internationalisation support
|
||
|
GETTEXT_PACKAGE=gdata
|
||
|
AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
|
||
|
diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
|
||
|
index 420eec2..8d8d21c 100644
|
||
|
--- a/gdata/gdata-service.c
|
||
|
+++ b/gdata/gdata-service.c
|
||
|
@@ -273,7 +273,7 @@ static void
|
||
|
gdata_service_init (GDataService *self)
|
||
|
{
|
||
|
self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
|
||
|
- self->priv->session = soup_session_sync_new ();
|
||
|
+ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
|
||
|
|
||
|
#ifdef HAVE_GNOME
|
||
|
soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
|
||
|
--
|
||
|
1.7.8.5
|
||
|
|