After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 658870 - extensionSystem: Use the system cert list
extensionSystem: Use the system cert list
Status: RESOLVED FIXED
Product: gnome-shell
Classification: Core
Component: general
unspecified
Other All
: Normal normal
: ---
Assigned To: gnome-shell-maint
gnome-shell-maint
Depends on:
Blocks:
 
 
Reported: 2011-09-13 02:22 UTC by Jasper St. Pierre (not reading bugmail)
Modified: 2011-09-13 21:37 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
extensionSystem: Use the system cert list (3.30 KB, patch)
2011-09-13 02:22 UTC, Jasper St. Pierre (not reading bugmail) 		committed Details | Review

Description Jasper St. Pierre (not reading bugmail) 2011-09-13 02:22:20 UTC 
Otherwise we might do "bad stuff" when blindly accepting a self-signed cert.

configure check stolen from glib-networking
Comment 1 Jasper St. Pierre (not reading bugmail) 2011-09-13 02:22:23 UTC 
Created attachment 196324 [details] [review]
extensionSystem: Use the system cert list

libsoup won't check for a valid cert by default, so copy some logic from
glib-networking to check against the system cert list. Additionally, allow a
fallback for developers, ~/.local/share/extensions.gnome.org.crt, for easy
local development of the website.
Comment 2 Dan Winship 2011-09-13 12:51:02 UTC 
Comment on attachment 196324 [details] [review]
extensionSystem: Use the system cert list

>+   AC_DEFINE_UNQUOTED(GTLS_SYSTEM_CA_FILE, ["$with_ca_certificates"], [The system TLS CA list])

s/GTLS/SHELL/

otherwise looks good
Comment 3 Jasper St. Pierre (not reading bugmail) 2011-09-13 21:37:40 UTC 
Attachment 196324 [details] pushed as fa593a3 - extensionSystem: Use the system cert list