From 12256b4f1cc7def560824ed5fb3c506669709a32 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Mon, 23 Apr 2012 12:42:50 +0200
Subject: Bug #671537 - Option to validate SSL certificates with libsoup

---
 plugins/caldav/caldav-browse-server.c              | 20 +++++++++++++---
 plugins/caldav/caldav-browse-server.h              |  9 ++++++-
 plugins/caldav/caldav-source.c                     | 15 ++++++++++--
 plugins/calendar-http/calendar-http.c              | 28 +++++++++++++++++++---
 .../webdav-account-setup/webdav-contacts-source.c  | 10 ++++++++
 5 files changed, 73 insertions(+), 9 deletions(-)

(limited to 'plugins')

diff --git a/plugins/caldav/caldav-browse-server.c b/plugins/caldav/caldav-browse-server.c
index 789396e91a..8ff459cf1c 100644
--- a/plugins/caldav/caldav-browse-server.c
+++ b/plugins/caldav/caldav-browse-server.c
@@ -1279,7 +1279,8 @@ init_dialog (GtkDialog *dialog,
              const gchar *username,
              const gchar *usermail,
              gboolean autoschedule,
-             gint source_type)
+             gint source_type,
+	     gboolean ignore_invalid_cert)
 {
 	GtkBox *content_area;
 	GtkWidget *label, *info_box, *spinner, *info_label, *hbox;
@@ -1413,7 +1414,10 @@ init_dialog (GtkDialog *dialog,
 	gtk_widget_hide (*new_url_entry);
 	gtk_widget_hide (spinner);
 
-	session = soup_session_sync_new ();
+	session = soup_session_sync_new_with_options (
+		SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, !ignore_invalid_cert,
+		NULL);
+
 	if (g_getenv ("CALDAV_DEBUG") != NULL) {
 		SoupLogger *logger;
 
@@ -1581,6 +1585,7 @@ caldav_browse_server (GtkWindow *parent,
                       const gchar *server_url,
                       const gchar *username,
                       gboolean use_ssl,
+		      gboolean ignore_invalid_cert,
                       gchar **new_usermail,
                       gboolean *new_autoschedule,
                       gint source_type)
@@ -1616,7 +1621,16 @@ caldav_browse_server (GtkWindow *parent,
 	new_url_entry = NULL;
 	new_usermail_combo = NULL;
 	new_autoschedule_check = NULL;
-	init_dialog (GTK_DIALOG (dialog), &new_url_entry, &new_usermail_combo, &new_autoschedule_check, url, username, new_usermail ? *new_usermail : NULL, new_autoschedule ? *new_autoschedule : FALSE, source_type);
+	init_dialog (GTK_DIALOG (dialog),
+		&new_url_entry,
+		&new_usermail_combo,
+		&new_autoschedule_check,
+		url,
+		username,
+		new_usermail ? *new_usermail : NULL,
+		new_autoschedule ? *new_autoschedule : FALSE,
+		source_type,
+		ignore_invalid_cert);
 
 	if (new_url_entry && gtk_dialog_run (GTK_DIALOG (dialog)) == GTK_RESPONSE_OK) {
 		const gchar *txt;
diff --git a/plugins/caldav/caldav-browse-server.h b/plugins/caldav/caldav-browse-server.h
index 6a275f1726..8f37603838 100644
--- a/plugins/caldav/caldav-browse-server.h
+++ b/plugins/caldav/caldav-browse-server.h
@@ -26,6 +26,13 @@
 
 /* Opens a window with a list of available calendars for a given server;
  * Returns server URL of a calendar user chose, or NULL to let it be as is. */
-gchar *caldav_browse_server (GtkWindow *parent, const gchar *server_url, const gchar *username, gboolean use_ssl, gchar **new_usermail, gboolean *new_autoschedule, gint source_type);
+gchar *	caldav_browse_server	(GtkWindow *parent,
+				 const gchar *server_url,
+				 const gchar *username,
+				 gboolean use_ssl,
+				 gboolean ignore_invalid_cert,
+				 gchar **new_usermail,
+				 gboolean *new_autoschedule,
+				 gint source_type);
 
 #endif /* CALDAV_BROWSE_SERVER_H */
diff --git a/plugins/caldav/caldav-source.c b/plugins/caldav/caldav-source.c
index b56b4b2c5f..130d0fa834 100644
--- a/plugins/caldav/caldav-source.c
+++ b/plugins/caldav/caldav-source.c
@@ -153,7 +153,7 @@ browse_cal_clicked_cb (GtkButton *button,
                        gpointer user_data)
 {
 	GtkEntry *url, *username, *usermail;
-	GtkToggleButton *ssl, *autoschedule;
+	GtkToggleButton *ssl, *ignore_cert, *autoschedule;
 	gchar *new_url, *new_usermail;
 	gboolean new_autoschedule;
 
@@ -161,6 +161,7 @@ browse_cal_clicked_cb (GtkButton *button,
 
 	url = g_object_get_data (G_OBJECT (button), "caldav-url");
 	ssl = g_object_get_data (G_OBJECT (button), "caldav-ssl");
+	ignore_cert = g_object_get_data (G_OBJECT (button), "caldav-ignore-cert");
 	username = g_object_get_data (G_OBJECT (button), "caldav-username");
 	usermail = g_object_get_data (G_OBJECT (button), "caldav-usermail");
 	autoschedule = g_object_get_data (G_OBJECT (button), "caldav-autoschedule");
@@ -169,6 +170,8 @@ browse_cal_clicked_cb (GtkButton *button,
 	g_return_if_fail (GTK_IS_ENTRY (url));
 	g_return_if_fail (ssl != NULL);
 	g_return_if_fail (GTK_IS_TOGGLE_BUTTON (ssl));
+	g_return_if_fail (ignore_cert != NULL);
+	g_return_if_fail (GTK_IS_TOGGLE_BUTTON (ignore_cert));
 	g_return_if_fail (username != NULL);
 	g_return_if_fail (GTK_IS_ENTRY (username));
 	g_return_if_fail (usermail != NULL);
@@ -184,6 +187,7 @@ browse_cal_clicked_cb (GtkButton *button,
 		gtk_entry_get_text (url),
 		gtk_entry_get_text (username),
 		gtk_toggle_button_get_active (ssl),
+		gtk_toggle_button_get_active (ignore_cert),
 		&new_usermail,
 		&new_autoschedule,
 		GPOINTER_TO_INT (user_data));
@@ -208,7 +212,7 @@ oge_caldav (EPlugin *epl,
 	ECalConfigTargetSource *t = (ECalConfigTargetSource *) data->target;
 	ESource      *source;
 	SoupURI      *suri;
-	GtkWidget    *parent, *location, *ssl, *user, *mail, *autoschedule, *browse_cal;
+	GtkWidget    *parent, *location, *ssl, *ignore_cert, *user, *mail, *autoschedule, *browse_cal;
 	gchar        *uri, *username;
 	guint         n_rows;
 
@@ -246,6 +250,12 @@ oge_caldav (EPlugin *epl,
 		G_CALLBACK (location_changed_cb), source);
 
 	ssl = e_plugin_util_add_check (parent, _("Use _secure connection"), source, "ssl", "1", "0");
+	ignore_cert = e_plugin_util_add_check (parent, _("_Ignore invalid SSL certificate"), source, "ignore-invalid-cert", "1", NULL);
+
+	g_object_bind_property (
+		ssl, "active",
+		ignore_cert, "sensitive",
+		G_BINDING_SYNC_CREATE);
 
 	user = e_plugin_util_add_entry (parent, _("User_name:"), NULL, NULL);
 	gtk_entry_set_text (GTK_ENTRY (user), username ? username : "");
@@ -271,6 +281,7 @@ oge_caldav (EPlugin *epl,
 
 	g_object_set_data (G_OBJECT (browse_cal), "caldav-url", location);
 	g_object_set_data (G_OBJECT (browse_cal), "caldav-ssl", ssl);
+	g_object_set_data (G_OBJECT (browse_cal), "caldav-ignore-cert", ignore_cert);
 	g_object_set_data (G_OBJECT (browse_cal), "caldav-username", user);
 	g_object_set_data (G_OBJECT (browse_cal), "caldav-usermail", mail);
 	g_object_set_data (G_OBJECT (browse_cal), "caldav-autoschedule", autoschedule);
diff --git a/plugins/calendar-http/calendar-http.c b/plugins/calendar-http/calendar-http.c
index f88b6af879..b0b2560cac 100644
--- a/plugins/calendar-http/calendar-http.c
+++ b/plugins/calendar-http/calendar-http.c
@@ -137,7 +137,7 @@ e_calendar_http_secure (EPlugin *epl,
                         EConfigHookItemFactoryData *data)
 {
 	ECalConfigTargetSource *t = (ECalConfigTargetSource *) data->target;
-	GtkWidget *secure_setting;
+	GtkWidget *secure_setting, *ignore_cert, *grid;
 
 	if ((!e_plugin_util_is_source_proto (t->source, "http") &&
 	     !e_plugin_util_is_source_proto (t->source, "https") &&
@@ -146,7 +146,7 @@ e_calendar_http_secure (EPlugin *epl,
 	}
 
 	secure_setting = e_plugin_util_add_check (
-		data->parent, _("Use _secure connection"),
+		NULL, _("Use _secure connection"),
 		t->source, "use_ssl", "1", "0");
 
 	/* Store pointer to secure checkbox so we can retrieve it in url_changed() */
@@ -154,7 +154,29 @@ e_calendar_http_secure (EPlugin *epl,
 		G_OBJECT (data->parent), "secure_checkbox",
 		(gpointer) secure_setting);
 
-	return secure_setting;
+	ignore_cert = e_plugin_util_add_check (NULL, _("_Ignore invalid SSL certificate"), t->source, "ignore-invalid-cert", "1", NULL);
+
+	g_object_bind_property (
+		secure_setting, "active",
+		ignore_cert, "sensitive",
+		G_BINDING_SYNC_CREATE);
+
+	grid = gtk_grid_new ();
+	gtk_grid_attach (GTK_GRID (grid), secure_setting, 0, 0, 1, 1);
+	gtk_grid_attach (GTK_GRID (grid), ignore_cert, 0, 1, 1, 1);
+	gtk_widget_show_all (grid);
+
+	if (GTK_IS_TABLE (data->parent)) {
+		gint row;
+		
+		g_object_get (data->parent, "n-rows", &row, NULL);
+
+		gtk_table_attach (GTK_TABLE (data->parent), grid, 1, 2, row , row + 1, GTK_FILL, 0, 0, 0);
+	} else {
+		gtk_container_add (GTK_CONTAINER (data->parent), grid);
+	}
+
+	return grid;
 }
 
 static void
diff --git a/plugins/webdav-account-setup/webdav-contacts-source.c b/plugins/webdav-account-setup/webdav-contacts-source.c
index f81abe3e24..ef6a102ff1 100644
--- a/plugins/webdav-account-setup/webdav-contacts-source.c
+++ b/plugins/webdav-account-setup/webdav-contacts-source.c
@@ -219,6 +219,7 @@ plugin_webdav_contacts (EPlugin *epl,
 
 	GtkWidget    *section;
 	GtkWidget    *vbox2;
+	GtkWidget    *ignore_cert;
 
 	GtkBox       *hbox;
 	GtkWidget    *spacer;
@@ -288,6 +289,15 @@ plugin_webdav_contacts (EPlugin *epl,
 	gtk_box_pack_start (hbox, GTK_WIDGET (uidata->avoid_ifmatch_toggle),
 			   FALSE, FALSE, 0);
 
+	hbox = GTK_BOX (gtk_hbox_new (FALSE, 10));
+	gtk_box_pack_start (GTK_BOX (vbox2), GTK_WIDGET (hbox), TRUE, TRUE, 0);
+
+	spacer = gtk_label_new("   ");
+	gtk_box_pack_start (hbox, spacer, FALSE, FALSE, 0);
+
+	ignore_cert = e_plugin_util_add_check (NULL, _("_Ignore invalid SSL certificate"), source, "ignore-invalid-cert", "1", NULL);
+	gtk_box_pack_start (hbox, ignore_cert, TRUE, TRUE, 0);
+
 	set_ui_from_source (uidata);
 
 	gtk_widget_show_all (vbox2);
-- 
cgit v1.2.3