Bug 663783 – Need to specify a CA file to protect against MITM

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 663783 - Need to specify a CA file to protect against MITM


Summary:	Need to specify a CA file to protect against MITM


Status:	RESOLVED FIXED

Product:	librest
Classification:	Platform
Component:	proxy
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	librest-maint
QA Contact:

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-11-10 16:12 UTC by Rob Bradford
Modified:	2011-11-10 16:32 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Rob Bradford 2011-11-10 16:12:03 UTC

See - https://bugzilla.redhat.com/show_bug.cgi?id=752022

If ssl-strict is TRUE in libsoup (default TRUE) then we if we provide an SSL (ssl-ca-file) certificate file - non trusted certificates will cause an SSL failure.

Comment 1 Rob Bradford 2011-11-10 16:28:00 UTC

commit e01f2be50938a629cec7adaace3d7635282369d2
Author: Rob Bradford <rob@linux.intel.com>
Date:   Thu Nov 10 16:26:07 2011 +0000

    proxy: Force all SSL certificates to be trusted
    
    By setting the CA file we make it a certificate error if the certificate
    is self-signed.
    
    Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=663783

commit 9229ec62b17660536d1bb1e9af6abab2c1ea6dac
Author: Rob Bradford <rob@linux.intel.com>
Date:   Thu Nov 10 16:23:16 2011 +0000

    build: Detect CA file location
    
    It will autodetect and also allow the setting of the CA file by a configure
    option.
    
    This code was stolen from glib-networking's configure.ac
    
    Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=663783