diff options
author | Dan Winship <danw@gnome.org> | 2011-11-30 17:20:40 +0800 |
---|---|---|
committer | Dan Winship <danw@gnome.org> | 2011-11-30 17:20:40 +0800 |
commit | 1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6 (patch) | |
tree | 784be879b3823b30e6105eac3e344bddcf444090 | |
parent | d1d329e512877f34d2109e65a267c883e0c87b06 (diff) | |
download | gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.gz gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.bz2 gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.lz gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.xz gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.tar.zst gsoc2013-epiphany-1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6.zip |
Use SoupSession:ssl-use-system-ca-file property
Rather than copying glib-networking's logic for finding the system
trusted CA file and then telling libsoup to use it, just use the new
ssl-use-system-ca-file property.
https://bugzilla.gnome.org/show_bug.cgi?id=633109
-rw-r--r-- | configure.ac | 35 | ||||
-rw-r--r-- | embed/ephy-embed-single.c | 16 | ||||
-rw-r--r-- | embed/ephy-web-view.c | 4 |
3 files changed, 5 insertions, 50 deletions
diff --git a/configure.ac b/configure.ac index e0f80ea1e..5895a07e9 100644 --- a/configure.ac +++ b/configure.ac @@ -88,7 +88,7 @@ GTK_REQUIRED=3.0.2 LIBXML_REQUIRED=2.6.12 LIBXSLT_REQUIRED=1.1.7 WEBKIT_GTK_REQUIRED=1.6.1 -LIBSOUP_GNOME_REQUIRED=2.33.1 +LIBSOUP_GNOME_REQUIRED=2.37.1 GNOME_KEYRING_REQUIRED=2.26.0 GSETTINGS_DESKTOP_SCHEMAS_REQUIRED=0.0.1 LIBNOTIFY_REQUIRED=0.5.1 @@ -203,39 +203,6 @@ fi AM_CONDITIONAL([ENABLE_SEED],[test "$enable_seed" = "yes"]) -# ********************* -# CA Certificate file -# Stolen from GIO's TLS -# ********************* - -AC_MSG_CHECKING([location of system Certificate Authority list]) -AC_ARG_WITH(ca-file, - [AC_HELP_STRING([--with-ca-file=@<:@path@:>@], - [path to system Certificate Authority list])]) -if test "$with_ca_file" = "no"; then - AC_MSG_RESULT([disabled]) -else - if test -z "$with_ca_file"; then - for f in /etc/pki/tls/certs/ca-bundle.crt \ - /etc/ssl/certs/ca-certificates.crt; do - if test -f "$f"; then - with_ca_file="$f" - fi - done - if test -z "$with_ca_file"; then - AC_MSG_ERROR([could not find. Use --with-ca-file=path to set, or --without-ca-file to disable]) - fi - fi - - AC_MSG_RESULT($with_ca_file) - if ! test -f "$with_ca_file"; then - AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable]) - fi - GTLS_SYSTEM_CA_FILE="$with_ca_file" - - AC_DEFINE_UNQUOTED([GTLS_SYSTEM_CA_FILE], ["$GTLS_SYSTEM_CA_FILE"], [path to system Certificate Authority list]) -fi - # *** # NSS # *** diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c index 547f49283..74359ecbc 100644 --- a/embed/ephy-embed-single.c +++ b/embed/ephy-embed-single.c @@ -473,19 +473,11 @@ ephy_embed_single_initialize (EphyEmbedSingle *single) session = webkit_get_default_session (); -#ifdef GTLS_SYSTEM_CA_FILE /* Check SSL certificates */ - - if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) { - g_object_set (session, - SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE, - SOUP_SESSION_SSL_STRICT, FALSE, - NULL); - } else { - g_warning (_("CA Certificates file we should use was not found, "\ - "all SSL sites will be considered to have a broken certificate.")); - } -#endif + g_object_set (session, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + SOUP_SESSION_SSL_STRICT, FALSE, + NULL); /* Store cookies in moz-compatible SQLite format */ filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL); diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c index cc5e61ecc..e55dfdc7d 100644 --- a/embed/ephy-web-view.c +++ b/embed/ephy-web-view.c @@ -1861,7 +1861,6 @@ load_status_cb (WebKitWebView *web_view, ephy_web_view_set_title (view, NULL); -#ifdef GTLS_SYSTEM_CA_FILE if (uri && g_str_has_prefix (uri, "https")) { WebKitWebFrame *frame; WebKitWebDataSource *source; @@ -1880,9 +1879,6 @@ load_status_cb (WebKitWebView *web_view, security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN; } else security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN; -#else - security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN; -#endif ephy_web_view_set_security_level (EPHY_WEB_VIEW (web_view), security_level); } |