Sophie

libgda5.0-5.2.10-4.mga9.src.rpm

From fded74ad56cd94b0de5d9cbef71698b8abbc0240 Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 18 Oct 2021 13:18:01 -0500
Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation

This was done by adding "ssl-use-system-ca-file", TRUE to the options
for each soup_session_new_with_options() call that was made.

Tested on Linux From Scratch 11.0 and Debian 11.

Fixes #249

(cherry picked from commit bebdffb4de586fb43fd07ac549121f4b22f6812d)
---
 providers/web/gda-web-provider.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index 4acbca69b..598b20766 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -385,8 +385,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
 	cdata->mutex = gda_mutex_new ();
 	cdata->server_id = NULL;
 	cdata->forced_closing = FALSE;
-	cdata->worker_session = soup_session_sync_new ();
-	cdata->front_session = soup_session_sync_new_with_options ("max-conns-per-host", 1, NULL);
+	cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
 	if (use_ssl) {
 		server_url = g_string_new ("https://");
 		g_print ("USING SSL\n");
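
Review bot: Both added lines in gda_web_provider_open_connection() also switch the constructor from soup_session_sync_new() / soup_session_sync_new_with_options() to soup_session_new_with_options(), which the commit message does not mention; it only describes adding "ssl-use-system-ca-file", TRUE. Please either state in the message that the session type changes and that the worker and front request paths were checked against it, or keep the original constructors and add only the new property so the CVE fix stays minimal. Separately, the unchanged context shows the https:// URL is built only under if (use_ssl), so the new validation protects only connections opened with that option set; that limit is worth stating alongside the fix.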
-- 
2.34.1