From 1455bc2e97d8d1d2fe071b7fba99abb3abefb6e6 Mon Sep 17 00:00:00 2001
From: Dan Winship
Date: Wed, 30 Nov 2011 10:20:40 +0100
Subject: Use SoupSession:ssl-use-system-ca-file property

Rather than copying glib-networking's logic for finding the system trusted CA file and then telling libsoup to use it, just use the new ssl-use-system-ca-file property. https://bugzilla.gnome.org/show_bug.cgi?id=633109
---
 configure.ac | 35 +----------------------------------
 embed/ephy-embed-single.c | 16 ++++------------
 embed/ephy-web-view.c | 4 ----
 3 files changed, 5 insertions(+), 50 deletions(-)
diff --git a/configure.ac b/configure.ac
index e0f80ea1e..5895a07e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -88,7 +88,7 @@ GTK_REQUIRED=3.0.2
 LIBXML_REQUIRED=2.6.12
 LIBXSLT_REQUIRED=1.1.7
 WEBKIT_GTK_REQUIRED=1.6.1
-LIBSOUP_GNOME_REQUIRED=2.33.1
+LIBSOUP_GNOME_REQUIRED=2.37.1
 GNOME_KEYRING_REQUIRED=2.26.0
 GSETTINGS_DESKTOP_SCHEMAS_REQUIRED=0.0.1
 LIBNOTIFY_REQUIRED=0.5.1
@@ -203,39 +203,6 @@ fi AM_CONDITIONAL([ENABLE_SEED],[test "$enable_seed" = "yes"]) -# ********************* -# CA Certificate file -# Stolen from GIO's TLS -# ********************* - -AC_MSG_CHECKING([location of system Certificate Authority list]) -AC_ARG_WITH(ca-file, - [AC_HELP_STRING([--with-ca-file=@<:@path@:>@], - [path to system Certificate Authority list])]) -if test "$with_ca_file" = "no"; then - AC_MSG_RESULT([disabled]) -else - if test -z "$with_ca_file"; then - for f in /etc/pki/tls/certs/ca-bundle.crt \ - /etc/ssl/certs/ca-certificates.crt; do - if test -f "$f"; then - with_ca_file="$f" - fi - done - if test -z "$with_ca_file"; then - AC_MSG_ERROR([could not find. Use --with-ca-file=path to set, or --without-ca-file to disable]) - fi - fi - - AC_MSG_RESULT($with_ca_file) - if ! test -f "$with_ca_file"; then - AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable]) - fi - GTLS_SYSTEM_CA_FILE="$with_ca_file" - - AC_DEFINE_UNQUOTED([GTLS_SYSTEM_CA_FILE], ["$GTLS_SYSTEM_CA_FILE"], [path to system Certificate Authority list]) -fi - # *** # NSS # *** diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c index 547f49283..74359ecbc 100644 --- a/embed/ephy-embed-single.c +++ b/embed/ephy-embed-single.c 
@@ -473,19 +473,11 @@ ephy_embed_single_initialize (EphyEmbedSingle *single) session = webkit_get_default_session (); -#ifdef GTLS_SYSTEM_CA_FILE /* Check SSL certificates */ - - if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) { - g_object_set (session, - SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE, - SOUP_SESSION_SSL_STRICT, FALSE, - NULL); - } else { - g_warning (_("CA Certificates file we should use was not found, "\ - "all SSL sites will be considered to have a broken certificate.")); - } -#endif + g_object_set (session, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + SOUP_SESSION_SSL_STRICT, FALSE, + NULL); /* Store cookies in moz-compatible SQLite format */ filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL); diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c index cc5e61ecc..e55dfdc7d 100644 --- a/embed/ephy-web-view.c +++ b/embed/ephy-web-view.c @@ -1861,7 +1861,6 @@ load_status_cb (WebKitWebView *web_view, ephy_web_view_set_title (view, NULL); -#ifdef GTLS_SYSTEM_CA_FILE if (uri && g_str_has_prefix (uri, "https")) { WebKitWebFrame *frame; WebKitWebDataSource *source; @@ -1880,9 +1879,6 @@ load_status_cb (WebKitWebView *web_view, security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN; } else security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN; -#else - security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN; -#endif ephy_web_view_set_security_level (EPHY_WEB_VIEW (web_view), security_level); } -- cgit v1.2.3
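Review bot: The new `g_object_set` call in ephy_embed_single_initialize keeps `SOUP_SESSION_SSL_STRICT, FALSE` without a comment explaining it, so a reader cannot tell that certificate failures are deliberately tolerated at the session level and surfaced only through the security level that load_status_cb sets in embed/ephy-web-view.c. I would replace the terse `/* Check SSL certificates */` with something like `/* Validate against the system CA list; ssl-strict stays FALSE so a page with an untrusted certificate still loads and is flagged as broken in the UI instead of failing the request. */`. The removed else branch also held the only warning for a missing CA list. Whether libsoup or the TLS backend reports that case on its own is not visible here, so it is worth confirming that a system without a usable CA list still ends up with pages marked broken rather than silently trusted or unknown. The function body starts and ends outside the hunk.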