From 8eff8fa9138859e03e58c2aa76600ab63eb5c29c Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip@tecnocode.co.uk>
Date: Thu, 08 Mar 2012 00:09:08 +0000
Subject: core: Validate SSL certificates for all connections
This prevents MitM attacks which use spoofed SSL certificates.
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
---
Index: libgdata-0.6.6/configure.ac
===================================================================
--- libgdata-0.6.6.orig/configure.ac
+++ libgdata-0.6.6/configure.ac
@@ -87,6 +87,13 @@ fi
AC_SUBST(GNOME_CFLAGS)
AC_SUBST(GNOME_LIBS)
+# System SSL CA certificates
+AC_ARG_WITH(ca-certs,
+ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
+ ca_certs="$withval",
+ ca_certs="/etc/ssl/certs/ca-certificates.crt")
+AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
+
# Internationalisation support
GETTEXT_PACKAGE=gdata
AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
Index: libgdata-0.6.6/gdata/gdata-service.c
===================================================================
--- libgdata-0.6.6.orig/gdata/gdata-service.c
+++ libgdata-0.6.6/gdata/gdata-service.c
@@ -200,7 +200,7 @@ static void
gdata_service_init (GDataService *self)
{
self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
- self->priv->session = soup_session_sync_new ();
+ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
#ifdef HAVE_GNOME
soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
distrib
>
Mandriva
>
2011.0
>
i586
>
media
>
main-updates-src
>
by-pkgid
>
561e4994bece6292734b45f86cfef632
>
files
>
2
