Bug 741410 – http: restore HTTPS strict safety

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 741410 - http: restore HTTPS strict safety


Summary:	http: restore HTTPS strict safety


Status:	RESOLVED DUPLICATE of bug 708306

Product:	gvfs
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gvfs-maint
QA Contact:	gvfs-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-12-11 20:54 UTC by Giovanni Campagna
Modified:	2014-12-12 06:13 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
http: restore HTTPS strict safety (1.10 KB, patch) 2014-12-11 20:54 UTC, Giovanni Campagna	none	Details \| Review

Description Giovanni Campagna 2014-12-11 20:54:52 UTC

Set the SoupSession to be strict about ssl failures (which is
the default), so that invalid or expired certificates abort
the connection instead of potentially exposing the system
to hijackers.

Comment 1 Giovanni Campagna 2014-12-11 20:54:59 UTC

Created attachment 292571 [details] [review]
http: restore HTTPS strict safety

Comment 2 Ross Lagerwall 2014-12-12 06:13:57 UTC

The problem is how to allow users to browse self-signed sites, etc. This is pretty common for users' owncloud setups.

*** This bug has been marked as a duplicate of bug 708306 ***