Commit 8eff8fa9 authored by Philip Withnall's avatar Philip Withnall
Browse files

core: Validate SSL certificates for all connections

This prevents MitM attacks which use spoofed SSL certificates.

Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
parent 032a4bbd
......@@ -97,6 +97,13 @@ AC_CHECK_FUNCS([strtol])
AC_CHECK_FUNCS([strtoul])
AC_CHECK_HEADERS([sys/time.h])
# System SSL CA certificates
AC_ARG_WITH(ca-certs,
AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
ca_certs="$withval",
ca_certs="/etc/ssl/certs/ca-certificates.crt")
AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
# Internationalisation support
GETTEXT_PACKAGE=gdata
AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
......
......@@ -2042,7 +2042,7 @@ _gdata_service_get_log_level (void)
SoupSession *
_gdata_service_build_session (void)
{
SoupSession *session = soup_session_sync_new ();
SoupSession *session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
#ifdef HAVE_GNOME
soup_session_add_feature_by_type (session, SOUP_TYPE_GNOME_FEATURES_2_26);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment