aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Winship <danw@gnome.org>2011-11-30 17:20:40 +0800
committerDan Winship <danw@gnome.org>2011-11-30 17:20:40 +0800
commit1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6 (patch)
tree784be879b3823b30e6105eac3e344bddcf444090
parentd1d329e512877f34d2109e65a267c883e0c87b06 (diff)
downloadgsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar
gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.gz
gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.bz2
gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.lz
gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.xz
gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.zst
gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.zip
Use SoupSession:ssl-use-system-ca-file property
Rather than copying glib-networking's logic for finding the system trusted CA file and then telling libsoup to use it, just use the new ssl-use-system-ca-file property. https://bugzilla.gnome.org/show_bug.cgi?id=633109
-rw-r--r--configure.ac35
-rw-r--r--embed/ephy-embed-single.c16
-rw-r--r--embed/ephy-web-view.c4
3 files changed, 5 insertions, 50 deletions
diff --git a/configure.ac b/configure.ac
index e0f80ea1e..5895a07e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -88,7 +88,7 @@ GTK_REQUIRED=3.0.2
LIBXML_REQUIRED=2.6.12
LIBXSLT_REQUIRED=1.1.7
WEBKIT_GTK_REQUIRED=1.6.1
-LIBSOUP_GNOME_REQUIRED=2.33.1
+LIBSOUP_GNOME_REQUIRED=2.37.1
GNOME_KEYRING_REQUIRED=2.26.0
GSETTINGS_DESKTOP_SCHEMAS_REQUIRED=0.0.1
LIBNOTIFY_REQUIRED=0.5.1
@@ -203,39 +203,6 @@ fi
AM_CONDITIONAL([ENABLE_SEED],[test "$enable_seed" = "yes"])
-# *********************
-# CA Certificate file
-# Stolen from GIO's TLS
-# *********************
-
-AC_MSG_CHECKING([location of system Certificate Authority list])
-AC_ARG_WITH(ca-file,
- [AC_HELP_STRING([--with-ca-file=@<:@path@:>@],
- [path to system Certificate Authority list])])
-if test "$with_ca_file" = "no"; then
- AC_MSG_RESULT([disabled])
-else
- if test -z "$with_ca_file"; then
- for f in /etc/pki/tls/certs/ca-bundle.crt \
- /etc/ssl/certs/ca-certificates.crt; do
- if test -f "$f"; then
- with_ca_file="$f"
- fi
- done
- if test -z "$with_ca_file"; then
- AC_MSG_ERROR([could not find. Use --with-ca-file=path to set, or --without-ca-file to disable])
- fi
- fi
-
- AC_MSG_RESULT($with_ca_file)
- if ! test -f "$with_ca_file"; then
- AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable])
- fi
- GTLS_SYSTEM_CA_FILE="$with_ca_file"
-
- AC_DEFINE_UNQUOTED([GTLS_SYSTEM_CA_FILE], ["$GTLS_SYSTEM_CA_FILE"], [path to system Certificate Authority list])
-fi
-
# ***
# NSS
# ***
diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c
index 547f49283..74359ecbc 100644
--- a/embed/ephy-embed-single.c
+++ b/embed/ephy-embed-single.c
@@ -473,19 +473,11 @@ ephy_embed_single_initialize (EphyEmbedSingle *single)
session = webkit_get_default_session ();
-#ifdef GTLS_SYSTEM_CA_FILE
/* Check SSL certificates */
-
- if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) {
- g_object_set (session,
- SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE,
- SOUP_SESSION_SSL_STRICT, FALSE,
- NULL);
- } else {
- g_warning (_("CA Certificates file we should use was not found, "\
- "all SSL sites will be considered to have a broken certificate."));
- }
-#endif
+ g_object_set (session,
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+ SOUP_SESSION_SSL_STRICT, FALSE,
+ NULL);
/* Store cookies in moz-compatible SQLite format */
filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL);
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index cc5e61ecc..e55dfdc7d 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -1861,7 +1861,6 @@ load_status_cb (WebKitWebView *web_view,
ephy_web_view_set_title (view, NULL);
-#ifdef GTLS_SYSTEM_CA_FILE
if (uri && g_str_has_prefix (uri, "https")) {
WebKitWebFrame *frame;
WebKitWebDataSource *source;
@@ -1880,9 +1879,6 @@ load_status_cb (WebKitWebView *web_view,
security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN;
} else
security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
-#else
- security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
-#endif
ephy_web_view_set_security_level (EPHY_WEB_VIEW (web_view), security_level);
}