Don't silently accept self-signed certificate
Submitted by Christophe Fergeau
Assigned to gvf..@..e.bugs
Link to original bug (#708306)
Description
This patch series updates the http backend to use the SoupSession class that was introduced in recent libsoup releases. My motivation for that is that currently gvfs will silently accept self-signed certificate in https connections due to the defaults used in SoupSessionSync/SoupSessionAsync. The defaults are more strict in SoupSession, see https://developer.gnome.org/libsoup/stable/libsoup-session-porting.html
The end result is that before this patch, gvfs-copy https://linuxfr.org/images/sections/83.png . works, and after it fails with 'SSL handshake failed' (the certificate is a CACert one, which is not in the default CA trust store).
I've only lightly tested the end result (only a few gvfs-copy calls)...