From 3e0f7dea754381c5ad11a06ccc62eb153382b498 Mon Sep 17 00:00:00 2001
From: Gustavo Noronha Silva <gns@gnome.org>
Date: Thu, 18 Feb 2010 14:30:49 -0200
Subject: Report broken certs through the padlock icon

This uses a new feature in libsoup that reports through a
SoupMessageFlag whether the message is talking to a server that has a
trusted server.

Bug #600663
---
 embed/ephy-embed-single.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'embed/ephy-embed-single.c')

diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c
index 44efecaed..8c05532df 100644
--- a/embed/ephy-embed-single.c
+++ b/embed/ephy-embed-single.c
@@ -39,6 +39,7 @@
 #endif
 
 #include <webkit/webkit.h>
+#include <glib/gi18n.h>
 #include <libsoup/soup-gnome.h>
 #include <gnome-keyring.h>
 
@@ -481,6 +482,20 @@ ephy_embed_single_initialize (EphyEmbedSingle *single)
 
   session = webkit_get_default_session ();
 
+#ifdef GTLS_SYSTEM_CA_FILE
+  /* Check SSL certificates */
+
+  if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) {
+    g_object_set (session,
+                  SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE,
+                  "ignore-ssl-cert-errors", TRUE,
+                  NULL);
+  } else {
+    g_warning (_("CA Certificates file we should use was not found, "\
+                 "all SSL sites will be considered to have a broken certificate."));
+  }
+#endif
+
   /* Store cookies in moz-compatible SQLite format */
   filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL);
   jar = soup_cookie_jar_sqlite_new (filename, FALSE);
-- 
cgit v1.2.3