Use SoupSession:ssl-use-system-ca-file property

Rather than copying glib-networking's logic for finding the system
trusted CA file and then telling libsoup to use it, just use the new
ssl-use-system-ca-file property.

https://bugzilla.gnome.org/show_bug.cgi?id=633109

3 files changed, 5 insertions, 50 deletions

diff --git a/configure.ac b/configure.ac
index e0f80ea1e..5895a07e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -88,7 +88,7 @@ GTK_REQUIRED=3.0.2
 LIBXML_REQUIRED=2.6.12
 LIBXSLT_REQUIRED=1.1.7
 WEBKIT_GTK_REQUIRED=1.6.1
-LIBSOUP_GNOME_REQUIRED=2.33.1
+LIBSOUP_GNOME_REQUIRED=2.37.1
 GNOME_KEYRING_REQUIRED=2.26.0
 GSETTINGS_DESKTOP_SCHEMAS_REQUIRED=0.0.1
 LIBNOTIFY_REQUIRED=0.5.1
@@ -203,39 +203,6 @@ fi
 
 AM_CONDITIONAL([ENABLE_SEED],[test "$enable_seed" = "yes"])
 
-# *********************
-# CA Certificate file
-# Stolen from GIO's TLS
-# *********************
-
-AC_MSG_CHECKING([location of system Certificate Authority list])
-AC_ARG_WITH(ca-file,
-            [AC_HELP_STRING([--with-ca-file=@<:@path@:>@],
-                            [path to system Certificate Authority list])])
-if test "$with_ca_file" = "no"; then
-    AC_MSG_RESULT([disabled])
-else
-    if test -z "$with_ca_file"; then
-        for f in /etc/pki/tls/certs/ca-bundle.crt \
-                 /etc/ssl/certs/ca-certificates.crt; do
-            if test -f "$f"; then
-                with_ca_file="$f"
-            fi
-        done
-        if test -z "$with_ca_file"; then
-            AC_MSG_ERROR([could not find. Use --with-ca-file=path to set, or --without-ca-file to disable])
-        fi
-    fi
-
-    AC_MSG_RESULT($with_ca_file)
-    if ! test -f "$with_ca_file"; then
-        AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable])
-    fi
-    GTLS_SYSTEM_CA_FILE="$with_ca_file"
-
-    AC_DEFINE_UNQUOTED([GTLS_SYSTEM_CA_FILE], ["$GTLS_SYSTEM_CA_FILE"], [path to system Certificate Authority list])
-fi
-
 # ***
 # NSS
 # ***
diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c
index 547f49283..74359ecbc 100644
--- a/embed/ephy-embed-single.c
+++ b/embed/ephy-embed-single.c
@@ -473,19 +473,11 @@ ephy_embed_single_initialize (EphyEmbedSingle *single)
 
   session = webkit_get_default_session ();
 
-#ifdef GTLS_SYSTEM_CA_FILE
   /* Check SSL certificates */
-
-  if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) {
-    g_object_set (session,
-                  SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE,
-                  SOUP_SESSION_SSL_STRICT, FALSE,
-                  NULL);
-  } else {
-    g_warning (_("CA Certificates file we should use was not found, "\
-                 "all SSL sites will be considered to have a broken certificate."));
-  }
-#endif
+  g_object_set (session,
+                SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+                SOUP_SESSION_SSL_STRICT, FALSE,
+                NULL);
 
   /* Store cookies in moz-compatible SQLite format */
   filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL);
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index cc5e61ecc..e55dfdc7d 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -1861,7 +1861,6 @@ load_status_cb (WebKitWebView *web_view,
 
       ephy_web_view_set_title (view, NULL);
 
-#ifdef GTLS_SYSTEM_CA_FILE
       if (uri && g_str_has_prefix (uri, "https")) {
         WebKitWebFrame *frame;
         WebKitWebDataSource *source;
@@ -1880,9 +1879,6 @@ load_status_cb (WebKitWebView *web_view,
           security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN;
       } else
         security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
-#else
-      security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
-#endif
 
       ephy_web_view_set_security_level (EPHY_WEB_VIEW (web_view), security_level);
     }