Commit edde7c63 authored by Debarshi Ray's avatar Debarshi Ray

Guard against invalid SSL certificates

None of the branded providers (eg., Google, Facebook and Windows Live)
should ever have an invalid certificate. So set "ssl-strict" on the
SoupSession object being used by GoaWebView.

Providers like ownCloud and Exchange might have to deal with
certificates that are not up to the mark, e.g., self-signed
certificates. For those, show a warning when the account is being
created, and only proceed if the user decides to ignore it. In any
case, save the status of the certificate that was used to create the
account. So an account created with a valid certificate will never
work with an invalid one, and one created with an invalid certificate
will not throw any further warnings.

Fixes: CVE-2013-0240
parent 5e555ec7
......@@ -448,6 +448,12 @@
server.
-->
<interface name="org.gnome.OnlineAccounts.Calendar">
<!-- AcceptSslErrors:
@since: 3.8.0
Accept SSL/TLS errors caused by invalid certificates.
-->
<property name="AcceptSslErrors" type="b" access="read"/>
<!-- Uri:
@since: 3.8.0
The top-level location of the calendars.
......@@ -464,6 +470,12 @@
server.
-->
<interface name="org.gnome.OnlineAccounts.Contacts">
<!-- AcceptSslErrors:
@since: 3.8.0
Accept SSL/TLS errors caused by invalid certificates.
-->
<property name="AcceptSslErrors" type="b" access="read"/>
<!-- Uri:
@since: 3.8.0
The top-level location of the contacts.
......@@ -509,6 +521,11 @@
server.
-->
<interface name="org.gnome.OnlineAccounts.Files">
<!-- AcceptSslErrors:
Accept SSL/TLS errors caused by invalid certificates.
-->
<property name="AcceptSslErrors" type="b" access="read"/>
<!-- Uri:
The top-level location of the files.
......@@ -529,6 +546,12 @@
a Microsoft Exchange server.
-->
<interface name="org.gnome.OnlineAccounts.Exchange">
<!-- AcceptSslErrors:
@since: 3.8.0
Accept SSL/TLS errors caused by invalid certificates.
-->
<property name="AcceptSslErrors" type="b" access="read"/>
<!-- Host:
The Exchange server to use. This is always a domain name.
......
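Review bot: The doc comment added for `AcceptSslErrors` says only "Accept SSL/TLS errors caused by invalid certificates", which does not tell a client reading the interface when the flag is set or what it permits. Going by the commit description, it is true only when the user chose to ignore a certificate warning while the account was being created, and the comment should say so, e.g. `Whether the user chose to ignore SSL/TLS certificate errors when this account was created; consumers must validate certificates normally when this is false.` The same wording applies to the Calendar, Contacts, Files and Exchange copies. The Files copy also omits the `@since: 3.8.0` line that the other three carry.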
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2011 Red Hat, Inc.
* Copyright (C) 2011, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -38,6 +38,7 @@ G_BEGIN_DECLS
* @GOA_ERROR_DIALOG_DISMISSED: The dialog was dismissed.
* @GOA_ERROR_ACCOUNT_EXISTS: Account already exists.
* @GOA_ERROR_NOT_AUTHORIZED: Not authorized to perform operation.
* @GOA_ERROR_SSL: Invalid SSL certificate.
*
* Error codes for the #GOA_ERROR error domain and the
* corresponding D-Bus error names.
......@@ -48,10 +49,11 @@ typedef enum
GOA_ERROR_NOT_SUPPORTED, /* org.gnome.OnlineAccounts.Error.NotSupported */
GOA_ERROR_DIALOG_DISMISSED, /* org.gnome.OnlineAccounts.Error.DialogDismissed */
GOA_ERROR_ACCOUNT_EXISTS, /* org.gnome.OnlineAccounts.Error.AccountExists */
GOA_ERROR_NOT_AUTHORIZED /* org.gnome.OnlineAccounts.Error.NotAuthorized */
GOA_ERROR_NOT_AUTHORIZED, /* org.gnome.OnlineAccounts.Error.NotAuthorized */
GOA_ERROR_SSL /* org.gnome.OnlineAccounts.Error.SSL */
} GoaError;
#define GOA_ERROR_NUM_ENTRIES (GOA_ERROR_NOT_AUTHORIZED + 1)
#define GOA_ERROR_NUM_ENTRIES (GOA_ERROR_SSL + 1)
G_END_DECLS
......
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2011 Red Hat, Inc.
* Copyright (C) 2011, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -39,7 +39,8 @@ static const GDBusErrorEntry dbus_error_entries[] =
{GOA_ERROR_NOT_SUPPORTED, "org.freedesktop.Goa.Error.NotSupported"},
{GOA_ERROR_DIALOG_DISMISSED, "org.gnome.OnlineAccounts.Error.DialogDismissed"},
{GOA_ERROR_ACCOUNT_EXISTS, "org.gnome.OnlineAccounts.Error.AccountExists"},
{GOA_ERROR_NOT_AUTHORIZED, "org.gnome.OnlineAccounts.Error.NotAuthorized"}
{GOA_ERROR_NOT_AUTHORIZED, "org.gnome.OnlineAccounts.Error.NotAuthorized"},
{GOA_ERROR_SSL, "org.gnome.OnlineAccounts.Error.SSL"}
};
GQuark
......
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -35,6 +35,7 @@
#include "goalogging.h"
#include "goaewsclient.h"
#include "goautils.h"
struct _GoaEwsClient
{
......@@ -78,6 +79,7 @@ typedef struct
GSimpleAsyncResult *res;
SoupMessage *msgs[2];
SoupSession *session;
gboolean accept_ssl_errors;
gulong cancellable_id;
xmlOutputBuffer *buf;
} AutodiscoverData;
......@@ -175,7 +177,9 @@ ews_client_autodiscover_response_cb (SoupSession *session, SoupMessage *msg, gpo
{
GError *error;
AutodiscoverData *data = user_data;
GTlsCertificateFlags cert_flags;
gboolean op_res;
gboolean using_https;
guint status;
gint idx;
gsize size;
......@@ -212,6 +216,16 @@ ews_client_autodiscover_response_cb (SoupSession *session, SoupMessage *msg, gpo
goto out;
}
if (!data->accept_ssl_errors)
{
using_https = soup_message_get_https_status (msg, NULL, &cert_flags);
if (using_https && cert_flags != 0)
{
goa_utils_set_error_ssl (&error, cert_flags);
goto out;
}
}
soup_buffer_free (soup_message_body_flatten (SOUP_MESSAGE (msg)->response_body));
g_debug ("The response headers");
g_debug ("===================");
......@@ -404,6 +418,7 @@ goa_ews_client_autodiscover (GoaEwsClient *client,
const gchar *password,
const gchar *username,
const gchar *server,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
......@@ -442,9 +457,13 @@ goa_ews_client_autodiscover (GoaEwsClient *client,
data->res = g_simple_async_result_new (G_OBJECT (client), callback, user_data, goa_ews_client_autodiscover);
data->msgs[0] = ews_client_create_msg_for_url (url1, buf);
data->msgs[1] = ews_client_create_msg_for_url (url2, buf);
data->session = soup_session_async_new_with_options (SOUP_SESSION_USE_NTLM, TRUE,
data->session = soup_session_async_new_with_options (SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
SOUP_SESSION_SSL_STRICT, FALSE,
SOUP_SESSION_USE_NTLM, TRUE,
SOUP_SESSION_USE_THREAD_CONTEXT, TRUE,
NULL);
data->accept_ssl_errors = accept_ssl_errors;
if (cancellable != NULL)
{
data->cancellable = g_object_ref (cancellable);
......@@ -514,6 +533,7 @@ goa_ews_client_autodiscover_sync (GoaEwsClient *client,
const gchar *password,
const gchar *username,
const gchar *server,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GError **error)
{
......@@ -531,6 +551,7 @@ goa_ews_client_autodiscover_sync (GoaEwsClient *client,
password,
username,
server,
accept_ssl_errors,
cancellable,
ews_client_autodiscover_sync_cb,
&data);
......
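Review bot: The certificate check added to `ews_client_autodiscover_response_cb` runs only after the response has arrived, and the session is now created with `SOUP_SESSION_SSL_STRICT, FALSE`, so the request has already gone out over the unverified connection by the time `cert_flags` is examined. Anything sent with the request, including credentials supplied during authentication (that handler is not in these hunks), would reach a server whose certificate failed validation before the user is warned. Consider doing the check when the request starts, in a handler for the session's `request-started` signal, and cancelling the message there with `soup_session_cancel_message` unless `accept_ssl_errors` is set. The identical check in `http_client_check_response_cb` has the same ordering. Both callbacks start and end outside the hunks shown.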
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -42,6 +42,7 @@ void goa_ews_client_autodiscover (GoaEwsClient *client,
const gchar *password,
const gchar *username,
const gchar *server,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer gpointer);
......@@ -53,6 +54,7 @@ gboolean goa_ews_client_autodiscover_sync (GoaEwsClient *client,
const gchar *password,
const gchar *username,
const gchar *server,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GError **error);
......
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -203,11 +203,16 @@ build_object (GoaProvider *provider,
exchange = goa_object_get_exchange (GOA_OBJECT (object));
if (exchange == NULL)
{
gboolean accept_ssl_errors;
gchar *host;
accept_ssl_errors = g_key_file_get_boolean (key_file, group, "AcceptSslErrors", NULL);
host = g_key_file_get_string (key_file, group, "Host", NULL);
exchange = goa_exchange_skeleton_new ();
g_object_set (G_OBJECT (exchange), "host", host, NULL);
g_object_set (G_OBJECT (exchange),
"accept-ssl-errors", accept_ssl_errors,
"host", host,
NULL);
goa_object_skeleton_set_exchange (object, exchange);
g_free (host);
}
......@@ -261,6 +266,7 @@ ensure_credentials_sync (GoaProvider *provider,
GoaAccount *account;
GoaEwsClient *ews_client;
GoaExchange *exchange;
gboolean accept_ssl_errors;
gboolean ret;
const gchar *email_address;
const gchar *server;
......@@ -306,6 +312,7 @@ ensure_credentials_sync (GoaProvider *provider,
}
exchange = goa_object_peek_exchange (object);
accept_ssl_errors = goa_exchange_get_accept_ssl_errors (exchange);
server = goa_exchange_get_host (exchange);
ews_client = goa_ews_client_new ();
......@@ -314,6 +321,7 @@ ensure_credentials_sync (GoaProvider *provider,
password,
username,
server,
accept_ssl_errors,
cancellable,
error);
if (!ret)
......@@ -624,6 +632,7 @@ add_account (GoaProvider *provider,
GVariantBuilder details;
GoaEwsClient *ews_client;
GoaObject *ret;
gboolean accept_ssl_errors;
const gchar *email_address;
const gchar *server;
const gchar *password;
......@@ -632,6 +641,8 @@ add_account (GoaProvider *provider,
gint response;
ews_client = NULL;
accept_ssl_errors = FALSE;
ret = NULL;
memset (&data, 0, sizeof (AddAccountData));
......@@ -679,6 +690,7 @@ add_account (GoaProvider *provider,
password,
username,
server,
accept_ssl_errors,
data.cancellable,
autodiscover_cb,
&data);
......@@ -700,6 +712,17 @@ add_account (GoaProvider *provider,
{
gchar *markup;
if (data.error->code == GOA_ERROR_SSL)
{
gtk_button_set_label (GTK_BUTTON (data.connect_button), _("_Ignore"));
accept_ssl_errors = TRUE;
}
else
{
gtk_button_set_label (GTK_BUTTON (data.connect_button), _("_Try Again"));
accept_ssl_errors = FALSE;
}
markup = g_strdup_printf ("<b>%s:</b> %s",
_("Error connecting to Microsoft Exchange server"),
data.error->message);
......@@ -708,7 +731,6 @@ add_account (GoaProvider *provider,
gtk_label_set_markup (GTK_LABEL (data.cluebar_label), markup);
g_free (markup);
gtk_button_set_label (GTK_BUTTON (data.connect_button), _("_Try Again"));
gtk_expander_set_expanded (GTK_EXPANDER (data.expander), TRUE);
gtk_widget_set_no_show_all (data.cluebar, FALSE);
gtk_widget_show_all (data.cluebar);
......@@ -725,6 +747,7 @@ add_account (GoaProvider *provider,
g_variant_builder_add (&details, "{ss}", "CalendarEnabled", "true");
g_variant_builder_add (&details, "{ss}", "ContactsEnabled", "true");
g_variant_builder_add (&details, "{ss}", "Host", server);
g_variant_builder_add (&details, "{ss}", "AcceptSslErrors", (accept_ssl_errors) ? "true" : "false");
/* OK, everything is dandy, add the account */
/* we want the GoaClient to update before this method returns (so it
......@@ -781,6 +804,7 @@ refresh_account (GoaProvider *provider,
GoaExchange *exchange;
GtkWidget *dialog;
GtkWidget *vbox;
gboolean accept_ssl_errors;
gboolean ret;
const gchar *email_address;
const gchar *server;
......@@ -842,6 +866,7 @@ refresh_account (GoaProvider *provider,
username = goa_account_get_identity (account);
exchange = goa_object_peek_exchange (object);
accept_ssl_errors = goa_exchange_get_accept_ssl_errors (exchange);
server = goa_exchange_get_host (exchange);
g_cancellable_reset (data.cancellable);
......@@ -850,6 +875,7 @@ refresh_account (GoaProvider *provider,
password,
username,
server,
accept_ssl_errors,
data.cancellable,
autodiscover_cb,
&data);
......
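Review bot: In `add_account`, `accept_ssl_errors = TRUE` is set as soon as the `GOA_ERROR_SSL` message is displayed, and the value is a plain boolean, so the retry accepts any certificate failure from whatever server is contacted next rather than the specific certificate the user was warned about. The same boolean is then stored as `AcceptSslErrors` and read back in `ensure_credentials_sync` and `refresh_account`, which means a different invalid certificate presented later is accepted silently. Recording which certificate was accepted (for example its fingerprint) next to the flag and comparing it on later connections would keep the exception limited to the certificate the user actually saw. At minimum the flag should be reset if the server field changes before the retry, though the dialog loop is outside these hunks so that may already be handled. The ownCloud provider's `add_account` follows the same pattern.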
......@@ -612,6 +612,7 @@ ensure_credentials_sync (GoaProvider *provider,
uri_caldav,
username,
password,
FALSE,
cancellable,
error);
if (!ret)
......
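Review bot: The bare `FALSE` added to this call appears to be the new `accept_ssl_errors` argument, and nothing at the call site says so. Since that argument decides whether certificate errors are tolerated, a short annotation such as `FALSE, /* accept_ssl_errors: never for this provider */` would make an accidental flip easier to catch in review. The call itself and the rest of `ensure_credentials_sync` lie outside the hunk.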
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -28,6 +28,7 @@
#include "goalogging.h"
#include "goahttpclient.h"
#include "goautils.h"
struct _GoaHttpClient
{
......@@ -71,6 +72,7 @@ typedef struct
GSimpleAsyncResult *res;
SoupMessage *msg;
SoupSession *session;
gboolean accept_ssl_errors;
gulong cancellable_id;
} CheckData;
......@@ -136,7 +138,9 @@ http_client_check_response_cb (SoupSession *session, SoupMessage *msg, gpointer
{
GError *error;
CheckData *data = user_data;
GTlsCertificateFlags cert_flags;
gboolean op_res;
gboolean using_https;
error = NULL;
op_res = FALSE;
......@@ -153,6 +157,16 @@ http_client_check_response_cb (SoupSession *session, SoupMessage *msg, gpointer
goto out;
}
if (!data->accept_ssl_errors)
{
using_https = soup_message_get_https_status (msg, NULL, &cert_flags);
if (using_https && cert_flags != 0)
{
goa_utils_set_error_ssl (&error, cert_flags);
goto out;
}
}
op_res = TRUE;
out:
......@@ -183,6 +197,7 @@ goa_http_client_check (GoaHttpClient *client,
const gchar *uri,
const gchar *username,
const gchar *password,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
......@@ -199,13 +214,17 @@ goa_http_client_check (GoaHttpClient *client,
data = g_slice_new0 (CheckData);
data->res = g_simple_async_result_new (G_OBJECT (client), callback, user_data, goa_http_client_check);
data->session = soup_session_async_new_with_options (SOUP_SESSION_USE_THREAD_CONTEXT, TRUE,
data->session = soup_session_async_new_with_options (SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
SOUP_SESSION_SSL_STRICT, FALSE,
SOUP_SESSION_USE_THREAD_CONTEXT, TRUE,
NULL);
logger = soup_logger_new (SOUP_LOGGER_LOG_BODY, -1);
soup_logger_set_printer (logger, http_client_log_printer, NULL, NULL);
soup_session_add_feature (data->session, SOUP_SESSION_FEATURE (logger));
g_object_unref (logger);
data->accept_ssl_errors = accept_ssl_errors;
data->msg = soup_message_new (SOUP_METHOD_GET, uri);
soup_message_headers_append (data->msg->request_headers, "Connection", "close");
......@@ -271,6 +290,7 @@ goa_http_client_check_sync (GoaHttpClient *client,
const gchar *uri,
const gchar *username,
const gchar *password,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GError **error)
{
......@@ -287,6 +307,7 @@ goa_http_client_check_sync (GoaHttpClient *client,
uri,
username,
password,
accept_ssl_errors,
cancellable,
http_client_check_sync_cb,
&data);
......
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -41,6 +41,7 @@ void goa_http_client_check (GoaHttpClient *client,
const gchar *uri,
const gchar *username,
const gchar *password,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer gpointer);
......@@ -51,6 +52,7 @@ gboolean goa_http_client_check_sync (GoaHttpClient *client,
const gchar *uri,
const gchar *username,
const gchar *password,
gboolean accept_ssl_errors,
GCancellable *cancellable,
GError **error);
......
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -110,6 +110,7 @@ build_object (GoaProvider *provider,
GoaFiles *files;
GoaPasswordBased *password_based;
SoupURI *uri;
gboolean accept_ssl_errors;
gboolean calendar_enabled;
gboolean contacts_enabled;
gboolean files_enabled;
......@@ -158,6 +159,8 @@ build_object (GoaProvider *provider,
if (uri != NULL)
soup_uri_set_user (uri, identity);
accept_ssl_errors = g_key_file_get_boolean (key_file, group, "AcceptSslErrors", NULL);
/* Calendar */
calendar = goa_object_get_calendar (GOA_OBJECT (object));
calendar_enabled = g_key_file_get_boolean (key_file, group, "CalendarEnabled", NULL);
......@@ -179,7 +182,10 @@ build_object (GoaProvider *provider,
}
calendar = goa_calendar_skeleton_new ();
g_object_set (G_OBJECT (calendar), "uri", uri_caldav, NULL);
g_object_set (G_OBJECT (calendar),
"accept-ssl-errors", accept_ssl_errors,
"uri", uri_caldav,
NULL);
goa_object_skeleton_set_calendar (object, calendar);
g_free (uri_caldav);
}
......@@ -211,7 +217,10 @@ build_object (GoaProvider *provider,
}
contacts = goa_contacts_skeleton_new ();
g_object_set (G_OBJECT (contacts), "uri", uri_carddav, NULL);
g_object_set (G_OBJECT (contacts),
"accept-ssl-errors", accept_ssl_errors,
"uri", uri_carddav,
NULL);
goa_object_skeleton_set_contacts (object, contacts);
g_free (uri_carddav);
}
......@@ -250,7 +259,10 @@ build_object (GoaProvider *provider,
}
files = goa_files_skeleton_new ();
g_object_set (G_OBJECT (files), "uri", uri_webdav, NULL);
g_object_set (G_OBJECT (files),
"accept-ssl-errors", accept_ssl_errors,
"uri", uri_webdav,
NULL);
goa_object_skeleton_set_files (object, files);
g_free (uri_webdav);
}
......@@ -305,6 +317,7 @@ ensure_credentials_sync (GoaProvider *provider,
GVariant *credentials;
GoaAccount *account;
GoaHttpClient *http_client;
gboolean accept_ssl_errors;
gboolean ret;
const gchar *username;
gchar *password;
......@@ -335,6 +348,7 @@ ensure_credentials_sync (GoaProvider *provider,
goto out;
}
accept_ssl_errors = goa_util_lookup_keyfile_boolean (object, "AcceptSslErrors");
uri = goa_util_lookup_keyfile_string (object, "Uri");
uri_webdav = g_strconcat (uri, WEBDAV_ENDPOINT, NULL);
......@@ -358,6 +372,7 @@ ensure_credentials_sync (GoaProvider *provider,
uri_webdav,
username,
password,
accept_ssl_errors,
cancellable,
error);
if (!ret)
......@@ -680,6 +695,7 @@ add_account (GoaProvider *provider,
GVariantBuilder details;
GoaHttpClient *http_client;
GoaObject *ret;
gboolean accept_ssl_errors;
const gchar *uri_text;
const gchar *password;
const gchar *username;
......@@ -691,6 +707,7 @@ add_account (GoaProvider *provider,
gint response;
http_client = NULL;
accept_ssl_errors = FALSE;
presentation_identity = NULL;
server = NULL;
uri = NULL;
......@@ -742,6 +759,7 @@ add_account (GoaProvider *provider,
uri_webdav,
username,
password,
accept_ssl_errors,
data.cancellable,
check_cb,
&data);
......@@ -765,6 +783,17 @@ add_account (GoaProvider *provider,
{
gchar *markup;
if (data.error->code == GOA_ERROR_SSL)
{
gtk_button_set_label (GTK_BUTTON (data.connect_button), _("_Ignore"));
accept_ssl_errors = TRUE;
}
else
{
gtk_button_set_label (GTK_BUTTON (data.connect_button), _("_Try Again"));
accept_ssl_errors = FALSE;
}
markup = g_strdup_printf ("<b>%s:</b> %s",
_("Error connecting to ownCloud server"),
data.error->message);
......@@ -773,7 +802,6 @@ add_account (GoaProvider *provider,
gtk_label_set_markup (GTK_LABEL (data.cluebar_label), markup);
g_free (markup);
gtk_button_set_label (GTK_BUTTON (data.connect_button), _("_Try Again"));
gtk_widget_set_no_show_all (data.cluebar, FALSE);
gtk_widget_show_all (data.cluebar);
......@@ -792,6 +820,7 @@ add_account (GoaProvider *provider,
g_variant_builder_add (&details, "{ss}", "ContactsEnabled", "true");
g_variant_builder_add (&details, "{ss}", "FilesEnabled", "true");
g_variant_builder_add (&details, "{ss}", "Uri", uri);
g_variant_builder_add (&details, "{ss}", "AcceptSslErrors", (accept_ssl_errors) ? "true" : "false");
/* OK, everything is dandy, add the account */
/* we want the GoaClient to update before this method returns (so it
......@@ -850,6 +879,7 @@ refresh_account (GoaProvider *provider,
GoaHttpClient *http_client;
GtkWidget *dialog;
GtkWidget *vbox;
gboolean accept_ssl_errors;
gboolean ret;
const gchar *password;
const gchar *username;
......@@ -889,6 +919,7 @@ refresh_account (GoaProvider *provider,
create_account_details_ui (provider, GTK_DIALOG (dialog), GTK_BOX (vbox), FALSE, &data);
accept_ssl_errors = goa_util_lookup_keyfile_boolean (object, "AcceptSslErrors");
uri = goa_util_lookup_keyfile_string (object, "Uri");
gtk_entry_set_text (GTK_ENTRY (data.uri), uri);
gtk_editable_set_editable (GTK_EDITABLE (data.uri), FALSE);
......@@ -921,6 +952,7 @@ refresh_account (GoaProvider *provider,
uri_webdav,
username,
password,
accept_ssl_errors,
data.cancellable,
check_cb,
&data);
......
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -465,3 +465,43 @@ goa_utils_keyfile_set_string (GoaAccount *account, const gchar *key, const gchar
g_free (group);
g_free (path);
}
void
goa_utils_set_error_ssl (GError **err, GTlsCertificateFlags flags)
{
const gchar *error_msg;
switch (flags)
{
case G_TLS_CERTIFICATE_UNKNOWN_CA:
error_msg = _("The signing certificate authority is not known.");
break;
case G_TLS_CERTIFICATE_BAD_IDENTITY:
error_msg = _("The certificate does not match the expected identity of the site that it was "
"retrieved from.");
break;
case G_TLS_CERTIFICATE_NOT_ACTIVATED:
error_msg = _("The certificate's activation time is still in the future.");
break;
case G_TLS_CERTIFICATE_EXPIRED:
error_msg = _("The certificate has expired.");
break;
case G_TLS_CERTIFICATE_REVOKED:
error_msg = _("The certificate has been revoked.");
break;
case G_TLS_CERTIFICATE_INSECURE:
error_msg = _("The certificate's algorithm is considered insecure.");
break;
default:
error_msg = _("Invalid certificate.");
break;
}
g_set_error (err, GOA_ERROR, GOA_ERROR_SSL, error_msg);
}
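Review bot: `goa_utils_set_error_ssl` uses `switch (flags)` on a `GTlsCertificateFlags` value, which is a bit mask, so a certificate with more than one problem (say, unknown CA and expired) matches no `case` and the user gets only the generic "Invalid certificate." text. Testing the bits in priority order, e.g. `if (flags & G_TLS_CERTIFICATE_UNKNOWN_CA)`, would keep the specific message. Separately, `error_msg` is passed to `g_set_error` as the format string; since it is not a literal, `g_set_error_literal (err, GOA_ERROR, GOA_ERROR_SSL, error_msg);` is the safer call.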
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -27,6 +27,7 @@
#ifndef __GOA_UTILS_H__
#define __GOA_UTILS_H__
#include <gio/gio.h>
#include <glib.h>
#include <gtk/gtk.h>
#include <goabackend/goabackendtypes.h>
......@@ -71,6 +72,8 @@ void goa_utils_keyfile_set_boolean (GoaAccount *account, const gchar
void goa_utils_keyfile_set_string (GoaAccount *account, const gchar *key, const gchar *value);
void goa_utils_set_error_ssl (GError **err, GTlsCertificateFlags flags);
G_END_DECLS
#endif /* __GOA_UTILS_H__ */
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
*
* Copyright (C) 2012 Red Hat, Inc.
* Copyright (C) 2012, 2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -235,6 +235,7 @@ goa_web_view_init (GoaWebView *self)
priv = self->priv;
session = webkit_get_default_session ();
g_object_set (session, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, SOUP_SESSION_SSL_STRICT, TRUE, NULL);
soup_session_add_feature_by_type (session, SOUP_TYPE_PROXY_RESOLVER_DEFAULT);
g_object_set (session, "accept-language-auto", TRUE, NULL);
......
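Review bot: The `g_object_set` line added in `goa_web_view_init` changes the session returned by `webkit_get_default_session ()`, which is shared rather than owned by this widget, and the line carries no comment explaining the policy. A comment such as `/* Branded providers must present a valid certificate: fail the load instead of continuing. */` would record why strict mode is forced here. Nothing in the hunk shows how a rejected certificate is reported to the user in the web view, so that path is worth checking. The function continues outside the hunk.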